StatusNeo - Manager - Cyber Security (9-17 yrs)

JD - IT Security

Job Overview: The IT Security Manager is responsible for establishing and maintaining the organization's information security program to ensure the confidentiality, integrity, and availability of information assets. This role involves developing and implementing security policies, conducting risk assessments, and overseeing security measures to protect against unauthorized access, security breaches, and cyber threats.

Key Responsibilities:

- Develop and implement an overall information security strategy and roadmap.

- Collaborate with senior management to align security initiatives with business objectives.

- Develop, implement, and maintain information security policies and procedures.

- Ensure compliance with relevant laws, regulations, and industry standards.

- Liaison with vendors, internal and external Security Audits & Assessments VAPT, GDPR/ISO 27001 compliance.

- Conduct regular risk assessments and vulnerability assessments.

- Should have a good understanding of Firewalls, DLP, EDR, Network & Application Security, NDR, SIEM, SOAR, etc.

- Develop and implement risk mitigation strategies and plans.

- Oversee the implementation and maintenance of security tools and technologies, such as firewalls, antivirus programs, and intrusion detection/prevention systems.

- Manage encryption methods and secure network communication.

- Design and implement a robust and scalable security architecture.

- Evaluate and recommend security solutions, including hardware and software

- Develop and maintain an incident response plan.

- Lead the response to security incidents, conduct investigations, and implement corrective actions.

- Develop and deliver security awareness programs for employees.

- Provide training on security policies, procedures, and best practices.

- Conduct regular security audits to assess the effectiveness of security controls.

- Coordinate third-party security assessments and penetration testing.

- Oversee the implementation and management of identity and access management controls.

- Ensure the principle of least privilege is enforced.

- Implement and manage security information and event management (SIEM) systems.

- Monitor security alerts, incidents, and vulnerabilities.

- Evaluate and ensure the security posture of third-party vendors.

- Review and negotiate security terms in vendor contracts.

Qualifications:

- Bachelor's degree in Information Technology, Computer Science, or a related field.

- Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar.

- Proven experience in information security management, risk management, and compliance.

- Strong understanding of security technologies, protocols, and best practices.

- Excellent communication and leadership skills.

Experience:

Typically, candidates for this role should have 8 to 10 years of experience in information security, with a demonstrated ability to lead and manage security initiatives. Experience in incident response, risk management, and security architecture is highly desirable.