Epicareer Might not Working Properly
Learn More

Information Security Manager

RM 13,000 - RM 15,999 / Per Mon

Apply on

Availability Status

This job is expected to be in high demand and may close soon. We’ll remove this job ad once it's closed.


Original
Simplified
• Oversee the deployment and management of security tools, including firewalls, SIEM systems, IDS/IPS, endpoint protection, and data loss prevention (DLP) solutions. • Establish and maintain incident response protocols, leading investigations and coordinating remediation efforts for security breaches and cyber incidents. • Monitor and analyze security events using tools like Splunk, ELK Stack, or QRadar, implementing proactive threat detection and response measures. • Ensure compliance with regulatory requirements and frameworks such as ISO 27001, NIST, GDPR, SOC 2, and PCI DSS. • Develop and enforce identity and access management (IAM) policies, including multi-factor authentication (MFA), single sign-on (SSO), and role-based access control (RBAC). • Implement and oversee encryption standards for data at rest and in transit, ensuring secure handling of sensitive information. • Develop, implement, and maintain a robust information security strategy and policies to safeguard organizational data, systems, and infrastructure. • Conduct regular risk assessments and security audits to identify vulnerabilities and implement appropriate mitigation strategies. • Collaborate with IT and DevOps teams to integrate security practices into the software development lifecycle (DevSecOps). • Provide training and awareness programs to employees, promoting a culture of security throughout the organization. • Conduct vulnerability assessments and penetration testing using tools like Nessus, Qualys, or Metasploit to identify and remediate weaknesses. • Manage vendor relationships and third-party risk assessments to ensure the security of outsourced services and supply chain components. • Lead the development of disaster recovery and business continuity plans, ensuring organizational resilience in the event of disruptions. • Stay current with emerging cybersecurity threats, trends, and technologies, advising the organization on potential risks and preventive measures. Qualifications: • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. • 7+ years of experience in information security, with at least 3+ years in a management or leadership role. • Deep understanding of security principles, frameworks, and technologies, including firewalls, IDS/IPS, SIEM, and encryption standards. • Hands-on experience with compliance standards such as ISO 27001, NIST, SOC 2, GDPR, and PCI DSS. • Strong expertise in risk management, incident response, and vulnerability assessment methodologies. • Proficiency in security tools such as Splunk, QRadar, Nessus, and Qualys. • Solid understanding of network security, IAM, and endpoint protection practices. • Knowledge of secure software development practices and DevSecOps principles. • Excellent analytical, problem-solving, and decision-making skills. • Strong leadership and interpersonal skills, with the ability to manage cross-functional teams and communicate security concepts to non-technical stakeholders. • Relevant certifications such as CISSP, CISM, CEH, or CRISC are highly desirable.