Information Security Manager

Siren Infotech Software

Full Time

Experience: 5 Years

Location: United Kingdom

Salary: 5000 - 8000 GBP Per Month

Job Description

The Information Security Manager (ISM) at our company is responsible for the creation, implementation, and ongoing management of the Security Framework (LSF). This framework spans all critical security domains including Cloud (AWS, Azure, GCP), Identity and Access Management (IAM), Operations, Data, Artificial Intelligence (AI), SAP on Cloud, and Product Development.

The ISM ensures that security is embedded by design, by default, and by operation, guiding the business and technical teams to align with industry best practices and compliance standards. This role is crucial in safeguarding and its client environments by promoting a proactive security culture, ensuring that policies, standards, procedures, and guidelines are comprehensive, current, and operationally enforced.

  • Security Governance & Frameworks: Deep knowledge of ISO 27001, NIST, CIS, CSA CCM, SOC2 and secure development lifecycle principles.
  • Cloud Security: Strong understanding of cloud-native security across AWS, Azure, and GCP.
  • SAP & AI Security: Awareness of security requirements for SAP on Cloud and modern AI/ML platforms.
  • Data Security & Governance: Experience with data classification models, data loss prevention (DLP), encryption, and compliance frameworks (e.g., GDPR, HIPAA, CCPA).
  • Risk & Compliance: Ability to lead risk assessments, develop mitigation strategies, and map controls to compliance standards.
  • Communication & Influence: Strong skills in translating technical controls into business language and influencing at all organisational levels. 
  • Documentation & Reporting: Skilled in producing comprehensive policy documents, compliance reports, and security dashboards.

Security Framework Design    

  • Designing, implementing and evolving comprehensive security frameworks (e.g., LSF) 

Cloud Security    

  • Knowledge of AWS, Azure, GCP security capabilities and governance 

Data Security & Governance    

  • Ability to manage data classification, protection, retention, and privacy

IAM & Policy Management    

  • Deep expertise in managing IAM policies, roles, and access controls

Risk & Compliance    

  • Ability to assess, report and drive remediation of risks across cloud and operations

Security Governance    

  • Development of policies, standards, and assurance frameworks

Cross-Team Collaboration  

  • Ability to lead without authority and engage multiple technical/business teams

Reporting & Reviews    

  • Clear, concise security reporting for MSRs and QBRs

Customer Advisory    

  • Comfortable advising customers on information and risk management

Strategic Thinking    

  • Capability to shape long-term security posture aligned to business goals

Education and Experience:

  • Minimum of 5 years of experience in Information Security, including governance, risk, and compliance (GRC) functions.
  • Experience designing and implementing enterprise security frameworks in a cloud-native or hybrid environment.
  • Relevant maintained professional certifications such as CISM, ISO 27001 Lead Implementer.

Additional Requirements:

  • Occasional travel may be required.
  • The selected applicant will be subject to a background investigation, which will be conducted and the results of which will be used in compliance with applicable law.

Responsibilities and Duties:

  • Security Framework Development: Lead the design and evolution of the LSF to cover all operational and technical domains, including data classification, protection, governance, and lifecycle management.
  • Policy & Governance: Develop and maintain security policies, ensuring supporting standards, procedures, and guidelines are created by relevant teams and aligned to regulatory and business needs.
  • Operational Assurance: Establish and oversee security compliance mechanisms across the business, ensuring secure-by-default practices in architecture, deployment, and operations.
  • Security Compliance & Testing: Lead ongoing compliance assessments and internal audits and provide reporting at client and business unit levels.
  • Client-Facing Advisory: Act as a subject matter expert and advisor on security and risk management, supporting pre-sales engagements, Monthly Service Reviews (MSRs), and Quarterly Business Reviews (QBRs).
  • Cross-Functional Engagement: Partner with Architecture, DevOps, SAP, and AI teams to ensure that security is built-in, not bolted on.
  • Security Awareness & Culture: Promote a strong security culture through internal guidance, awareness campaigns, and training.
  • Continuous Learning and Development: Stay updated on the latest cloud security trends, technologies, and regulatory changes. Participate in ongoing professional development and certification.
  • Promote automation: Work with our Security Engineers to ensure that our controls are applied and governed through automated means wherever possible.

Supervisory Responsibilities:

  • No direct line management, but strong influence across Architecture, Product, Operations, and Customer Success teams.
  • May lead virtual security working groups and mentor staff in security-related responsibilities.
