Assistant Manager / Deputy Manager- Information Security

Job Summary:

The Assistant Manager - Information Security will play a critical role in ensuring the organization's compliance with global security standards, including ISO 27001, SOC 2, PCI DSS, and other relevant frameworks. The role involves conducting internal audits, vulnerability assessments (VA), penetration testing (PT), risk assessments, policy implementation, and collaborating with cross-functional teams to enhance the organization's security posture.

Key Responsibilities:

- Develop, implement, and maintain security policies, procedures, and standards in line with ISO 27001, SOC 2, PCI DSS, and other applicable frameworks.

- Plan, execute, and manage internal audits to ensure compliance with security policies and industry standards.

- Perform and oversee regular Vulnerability Assessments (VA) and Penetration Testing (PT) exercises.

- Collaborate with cross-functional teams to address and resolve security audit findings.

- Monitor and manage security controls, risk assessment processes, and compliance activities.

- Provide guidance and training to internal teams on information security best practices.

- Stay updated on emerging security threats, trends, and regulatory changes.

- Assist in third-party vendor risk assessments and ensure alignment with security requirements.

- Prepare detailed audit, VA/PT, and compliance reports for management review.

- Coordinate with external auditors during certification and surveillance audits.

- Support incident response and business continuity planning activities.

Required Qualifications:

- Bachelor's degree in Information Technology, Cybersecurity, or related field.

- Relevant certifications such as ISO 27001 Lead Auditor/Implementer, CISA, CISM, and CISSP will be preferred.

- 3-5 years of experience in information security, with hands-on exposure to ISO 27001, SOC 2, PCI DSS, VA, and PT.

- Proven experience in conducting internal audits, vulnerability assessments, and risk assessments.

- Strong knowledge of security frameworks, compliance standards, and best practices.

- Excellent analytical, problem solving, and communication skills.

Preferred Skills:

- Experience in managing security tools and technologies.

- Familiarity with GRC (Governance, Risk, and Compliance) tools.

- Strong documentation and report-writing abilities.

- Hands-on experience with VA/PT tools such as Nessus, Burp Suite, or Qualys.