IT Security Manager

Job Description

The IT Security Lead will be responsible for leading the Information Security / IT department and ensuring the security of the company's digital assets. This role requires a deep understanding of cybersecurity frameworks, risk management, incident response, cloud security, and identity & access management. The IT Security Lead will be responsible for developing and implementing security protocols, managing the IT security team, and ensuring compliance with relevant laws and regulations.

Responsibilities of IT Security Lead

• Develop and implement security policies, protocols, and procedures to protect the company's digital assets.
• Lead the IT security team, providing guidance, and ensuring the team is up-to-date with the latest security systems and threats.
• Conduct regular security audits to identify vulnerabilities and implement corrective actions.
• Manage the incident response process, including the investigation of security breaches and the implementation of corrective actions.
• Ensure the company's security systems comply with relevant laws and regulations, such as GDPR and HIPAA.
• Collaborate with other departments to integrate security measures into their processes.
• Manage the company's identity and access management system, ensuring only authorized individuals have access to sensitive information.
• Oversee the company's cloud security strategy, ensuring data stored in the cloud is secure.
• Stay up-to-date with the latest security trends and technologies and implement them as necessary.
• Manage conflicts within the team and ensure a collaborative working environment.
• Provide regular reports to senior management on the company's security status.

Functional Competencies

• Cybersecurity Frameworks: The candidate should have a deep understanding of various cybersecurity frameworks such as NIST, CIS, and ISO 27001. This includes the ability to implement, manage, and update these frameworks as per the organization's needs.
• Risk Management: The candidate should be able to identify potential IT security risks and develop strategies to mitigate these risks. This includes conducting risk assessments and implementing risk management processes.
• Incident Response: The candidate should be capable of developing and implementing incident response plans to handle security breaches. This includes identifying the cause of the breach, minimizing the damage, and preventing future incidents.
• Cloud Security: The candidate should have experience in securing cloudbased platforms such as AWS, Azure, and GCP. This includes understanding the unique security challenges of the cloud and implementing appropriate security measures.
• Identity & Access Management (IAM): The candidate should have experience in managing user identities and controlling their access to resources. This includes implementing single signon (SSO), multifactor authentication (MFA), and privileged access management (PAM) solutions.
• Network Security: The candidate should have a strong understanding of network security principles and technologies, such as VPNs and firewalls. This includes the ability to design, implement, and manage secure networks.

Behavioural Competencies

• Change Management: The candidate should be able to manage changes in IT security policies and procedures, ensuring that all stakeholders are informed and prepared for the change.
• Team Management: The candidate should have experience leading a team, including delegating tasks, resolving conflicts, and motivating team members.
• Conflict Management: The candidate should be able to effectively handle conflicts within the team or with other stakeholders, ensuring that all issues are resolved in a timely and satisfactory manner.
• Collaboration: The candidate should be able to work effectively with other teams and departments, ensuring that IT security is integrated into all aspects of the organization.
• Business Acumen: The candidate should understand the business implications of IT security decisions, ensuring that all decisions support the organization's strategic goals.

Good to have skills

• NIST, CIS, ISO 27001, GDPR, HIPAA: The candidate should have a deep understanding of these specific cybersecurity frameworks and regulations, including the ability to implement and manage them.
• IDS/IPS, SIEM, DLP: The candidate should have experience with these specific security technologies, including the ability to implement and manage them.
• Endpoint Protection, Encryption Technologies: The candidate should have experience with endpoint protection and encryption technologies, including the ability to implement and manage them.
• AWS, Azure, GCP: The candidate should have experience with these specific cloud platforms, including the ability to secure them.
• SSO, MFA, PAM, VPN, Firewalls: The candidate should have experience with these specific IAM and network security technologies, including the ability to implement and manage them.

Qualification

Educational Requirement: Educational Qualifications: Bachelors or Masters degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as CISSP, CISM, CISA, CEH, or equivalent.

Preferred Qualification: encryption protocols, PKI, SSL/TLS, CISSP, CISM, CEH, Cryptography

Department

Information Security / IT