Information Security Manager

 

Description:

Key Responsibilities:

 

- Manage day-to-day information security operations, focusing on access control for software products, networks, and processes.

- Safeguard confidential client data and information.

- Guide software architects in threat management and preventive measures throughout the application development lifecycle.

- Conduct manual security testing and source code reviews for diverse technologies.

- Perform vulnerability assessments and penetration tests on critical data, services, and environments.

- Identify and report security vulnerabilities, proposing improved security measures.

- Handle incident response and related tasks as needed.

- Develop security requirements, technical designs, and configuration recommendations to enhance security infrastructure in collaboration with teams.

- Assist in designing and implementing security solutions for the organization's technical infrastructure and business applications.

- Evaluate and deploy security tools such as firewalls, intrusion detection systems, encryption technologies, and threat management utilities.

- Execute vulnerability and penetration tests to discover security weaknesses.

- Maintain data security through encryption, tokenization, and effective key management practices.

- Analyze and adjust network, system, and application configurations for optimal security.

- Ensure routine operations comply with established security policies.

- Stay current with the latest security technologies and countermeasures against emerging threats.

- Help develop long-term security testing strategies, risk assessments, and policy development.

- Conduct post-incident analyses to prevent future breaches and identify responsible parties.

 

Required Skill Set:

 

- Proficient in information security frameworks like ISO/IEC 27001, NIST, and OWASP.

- Strong knowledge of TCP/IP networking, switching, routing, and microservices architecture.

- Experienced with Linux systems and virtualization technologies.

- Skilled in application security, including the use of tools for vulnerability scanning and code analysis.

- Capable of implementing security architecture and technologies.

- Expertise in managing DNS, email security, VPNs, DDoS prevention, and proxy services.

- Proficient with security and monitoring tools such as SIEM/SOAR, Web Application Firewalls, and risk management solutions.

- Experience conducting vulnerability assessments and penetration tests.

- Capable of writing and implementing security policies and procedures.

 

Qualifications and Experience:

 

- Bachelor’s degree in Technology, Engineering, or Information Security.

- A professional security certification (e.g., CISSP, CISM, CEH) is preferred.

- At least 4 years of hands-on experience in information security management.