Information Security Manager Job Description Template

The company’s teams for access management, technology controls, resilience, and cybersecurity are coordinated by the Information Security Manager. In this role, you’ll help develop risk management processes, oversee their implementation, and analyze company databases to identify and address potential security risks. These teams partner strategically with other internal teams and external stakeholders to design, adopt, and integrate appropriate controls, deliver consistent processes and solutions, and promote control automation. To support these efforts, a successful candidate will have in-depth knowledge of industry trends and standards as well as proficiency with the latest cybersecurity software.

Typical Duties and Responsibilities

  • Manage the operational, technological, and legal risks associated with the business
  • Establish proper governance to control and proactively spot problems and changes in the underlying systems’ risk profile
  • Help application, product, and information owners understand the overall risk profile so that the proper controls may be introduced 
  • Ensure technology solutions adhere to firm-wide risk and regulatory standards by cultivating a strong risk and control environment
  • Collaborate with other control roles, such as software developers, business control managers, compliance, internal audit, and external regulators
  • Proactively identify, assess, and manage inherent risks in our system and promote a risk-mitigating culture
  • Oversee regulatory and firm policy requirements for a wide range of technologies
  • Drive control optimization, education, process efficiency, and better client experience to foster innovation and develop the environment for technology control
  • Identify threats, risks, and relevant mitigation methods to support risk decisions and carry out security risk assessment operations
  • Create a framework for integrated technology control that keeps the right balance between business and product development, risk reduction, and financial gains
  • Drive transparent, quantifiable, and long-lasting control improvements by working together with the audit, compliance, business control management, and technology teams
  • Provide clear direction to business, product, and technology stakeholders so they can manage their risks effectively
  • Contribute to the creation of a culture of risk and control that is centered on proactive awareness and enhancement of the control environment

Education

  • Bachelor’s degree in computer science, information security or a related field

Required Skills and Experience

  • 5+ years of experience in technology or IT risk management
  • Proven track record in risk management, preferably in audit or compliance activities, technology, or other pertinent control functions
  • Proficient in architectural design principles, cyber threat assessments, and the software development life cycle
  • Proficient with firewalls, endpoint security, mobility management, and vulnerability scanning
  • Demonstrated expertise in the management of technology and application risks and controls
  • Understanding of different control structures (e.g., FFIEC, COBIT, NIST)
  • Ability to build effective working relationships with teammates, coworkers, and external organizations who are geographically dispersed and come from different cultural backgrounds
  • Demonstrated aptitude for analysis and problem-solving
  • Excellent communication skills in writing, speaking, and presenting
  • Outstanding interpersonal, negotiation, and persuasive abilities
  • Strong organizational skills and the capacity to multitask successfully

Preferred Qualifications

  • Experience building or maintaining infrastructure and apps
  • Certifications like CISSP, CRISC, CISA, CISM, and CCSP