Senior Manager, Information Security Job Description Template
Our company is looking for a Senior Manager, Information Security to join our team.
Responsibilities:
- Passion for technology, information security, and how Quantcast protects and delivers services to its users;
- Understand the security needs of internal and external stakeholders, regulators, and auditors;
- Be a champion for Information Security both internally and externally;
- You will lead the development and oversight of required corrective action plans relating to security risks and compliance requirements;
- Identify, research, and evaluate new compliance requirements and present them to the team and leadership;
- Undertake and/or lead regulatory readiness assessments and development of appropriate strategies;
- You will be responsible for managing all incidents that are reported at Quantcast and the Jira Infosec queue;
- Evaluating the information security risks of key technology security initiatives within the context of jurisdictional requirements;
- Addresses legal and regulatory requirements of systems falling within a compliance program and monitors compliance with ISPS requirements;
- Aligns with metric-based measurement of progress and regularly provides input into executive dashboards;
- Builds and fosters strong relationships, and collaborates closely with peers and partner groups in Corporate;
- Manages security compliance assessments and controls testing and oversees remediation of control failures;
- Gathers artifacts for internal and external compliance assessments;
- Provides leadership in executing and expanding on the strategy of the Information Security Officer;
- Knows and evaluates current policies to provide directional analysis and mitigation projects.
Requirements:
- Understand Risk Management principles and the tools to ensure attention is brought to high-risk areas;
- Have solid knowledge of ISO 27001, NIST and other information security standards and ideally have some experience implementing these standards;
- Good communicator who is used to working in a dynamic environment;
- Solid attention to detail and ability to communicate that detail in summary form;
- Role certifications required: Certificated internal auditor; certified lead implementor (in line with ISMS);
- Ability to multi-task and meet deadlines;
- Prefer one of the following certifications: CISSP, CISM, CISA or equivalent;
- Proven ability to achieve results in a fast-moving, dynamic environment;
- Proven understanding of information security risk assessment and technology risk management and compliance procedures and methodologies;
- Demonstrated experience leading work of others;
- Ability to establish and maintain relationships with individuals at all levels of the organization, in the business community and with vendors;
- Thorough knowledge of all aspects of information security and compliance including SOX and SSAE 16, ISO 27001/2, and PCI;
- Solid understanding of application security, cloud security, security operations, incident response and infrastructure security;
- Skilled in translating technical data into business impact information;
- Proven analytical and problem-solving abilities.