Information Security Manager(Hybrid)

Job Overview:
The Information Security Manager is responsible for overseeing the institution’s information and data security. The ISO manages the organization’s security posture, including risk assessments and incident response, and collaborates with both IT and business leadership to ensure all systems are secure and compliant with industry standards. This role maintains independent oversight by reporting directly to the Risk Management Head.

Main Duties and Responsibilities:

Policy and Procedure Development:
Design and implement information security policies and procedures aligned with applicable laws and regulations to protect information assets.
Stay updated on the latest legislation, regulations, advisories, alerts, and vulnerabilities affecting the business.
Plan and schedule information security activities, including IT health checks and security reviews.
Research and recommend security measures for new applications or packages.
Risk Assessment and Management:
Develop and implement an active information security risk assessment program.
Administer and monitor measures to protect the organization’s information facilities from breaches, threats, or hacks.
Develop and implement an incident reporting and response system for security breaches.
Respond to policy violations and complaints, initiating change requests to prevent recurrence.
Identify and manage risks to the confidentiality, integrity, and availability of information assets.
Ensure Root Cause Analysis (RCA) is conducted and attached to reports on security deviations.
Recommend enhanced work processes in coordination with business unit heads to address recurring problems.
Policy Dissemination and Training:
Coordinate the dissemination of information security policies, standards, and procedures.
Lead the development and delivery of educational and training programs on information security and related laws and regulations for employees and stakeholders.
Compliance Monitoring:
Monitor compliance with information security policies and procedures.
Take corrective and preventive actions as necessary.
Manual Review and Updates:
Conduct annual or interim reviews of the Information Security Manual to incorporate regulatory updates and process changes.
Ensure policies remain compliant with regulatory requirements and best practices.
Additional Responsibilities:
Perform other tasks as assigned by the Risk Management Head.
Competencies and Attitudes Required:
Technical competencies in IT Governance, Network Infrastructure, Systems Administration, Unified Threat Management, Configuration Management, Database Administration, and Project Management.
Strong understanding of regulations and industry best practices.
Excellent problem-solving and analytical skills.
Strong organizational skills.
Education and Experience Required:
At least 5 years of experience in Information Security, Information Technology, or related fields.
Preferably licensed and/or certified (e.g., CISSP).
Excellent project management, written, and oral communication skills.
Ability to work collaboratively with personnel at all organizational levels.
Self-starter with the ability to work independently with minimal supervision.