Information Security Manager

We are looking to hire an experienced Information Security Manager who will be responsible for developing security standards, enhancing security processes, and collaborating with the GRC department for automation and continuous monitoring of security measures. As well as the security manager will manage security risk assessments, document, and report control failures, guide remediation activities, and lead the security team.

Responsibilities:

• Implement security controls, risk assessment framework, and program that align with regulatory requirements, ensuring documented and sustainable compliance that aligns and advances ProgressSoft objectives.
• Evaluate risks and develop security standards, procedures, and controls to manage risks.
• Improve ProgressSoft’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Collaborate with the GRC department to implement processes, and improve automate, and continuously monitor information security controls, exceptions, risks, and testing.
• Develop reporting metrics, dashboards, and evidence artifacts.
• Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, and protecting Personally Identifying Information (PII) data.
• Perform and investigate internal and external information security risk and exceptions assessments.
• Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
• Document and report control failures and gaps to stakeholders.
• Provide remediation guidance and prepare management reports to track remediation activities.
• Manage, train, guide, and lead the security team.
• Maintain best practices and technological advancements and act as the leader and owner of security assessments and compliance.
• Identify threats and risk exposures.
• Assess and manage security risks.
• Monitor the implementation of corresponding mitigating controls.

Requirements:

• 8+ years of experience in cyber security, and information security.
• Extensive experience in information security and/or IT risk management focusing on security.
• Solid understanding of security protocols, cryptography, authentication, and authorization.
• Understanding of ISO 27001 and PCI DSS standards preferred.
• Experience with risk management principles and associated methodologies.
• Ideally will have OSCP, CISSP, CISA, CISM, or similar qualifications.
• Proven ability to make sound pragmatic decisions and judgements under tight timelines.
• Strong interpersonal and influencing skills with the ability to influence and collaboratively drive change internally and externally.
• Excellent level of communication skills.
• Excellent command of the English language.
• Penetration testing experience is preferred, but not required.
• Experience in the Financial sector (Banking) preferred.