Information Security and Standards Manager  

I. Job Description

The Information Security Manager is an experienced and highly skilled individual who will lead Corporate IT’s information security initiatives and ensure compliance with industry standards and regulations. Will be responsible for establishing and maintaining information security policies, implementing security controls, conducting risk assessments, and building a strong security culture.

II. Duties and Responsibilities

• Develop, implement, and maintain an information security management framework, including policies, procedures, and controls to protect the confidentiality, integrity, and availability of information assets.
• Lead team of security administrations to design, implement and enforce security controls for all aspects of the TGI infrastructure
• Lead team of process improvement analysis to maintain and identify continual improvements to relevant policies and processes under Corporate IT
• Ensure compliance with relevant industry standards (ISO 27001, CIS CSC and others), regulations (Data Privacy Act), and best practices related to information security.
• Conduct regular risk assessments and vulnerability assessments to identify and prioritize potential security threats and vulnerabilities, and develop mitigation strategies.
• Collaborate with cross-functional teams to design and implement security controls and measures to mitigate identified risks and vulnerabilities.
• Oversee the implementation and management of security technologies, such as firewalls, intrusion detection systems, encryption solutions, and endpoint protection tools.
• Monitor and analyze security incidents and events, conducting investigations as necessary, and implementing incident response plans.
• Provide guidance and support to IT teams and employees on information security practices, policies, and awareness training.
• Stay updated with emerging threats and security trends, and assess their potential impact on the organization's information security posture.
• Lead the development and execution of security awareness and training programs to promote a culture of security consciousness among employees.
• Coordinate and participate in internal and external audits related to information security and compliance, ensuring timely remediation of identified issues.
• Collaborate with third-party vendors and partners to ensure their compliance with information security requirements and contractual obligations.

Qualifications

A. Minimum Education

• Graduate of Computer Science or equivalent
• Relevant certifications (Comptia Security+, CISSP, CISM, ISO) are highly desirable

B. Minimum Experience/Training

• Proven experience in information security management, including risk assessment, policy development, security controls implementation, and incident response.
• In-depth knowledge of information security standards, frameworks (e.g., ISO 27001, NIST Cybersecurity Framework), and regulatory requirements.
• Familiarity with relevant data protection regulations (e.g. DPA) and privacy principles.
• Strong understanding of network and system security principles, cryptography, and secure coding practices.
• Experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM, and vulnerability scanning tools.
• Excellent knowledge of security best practices for applications, databases, operating systems, and cloud environments.

C. Competency

• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
• Excellent communication and interpersonal skills, with the ability to effectively communicate security-related concepts to technical and non-technical audiences.
• Ability to lead and influence cross-functional teams and foster a security-aware culture.
• Demonstrated project management and organizational skills, with the ability to prioritize and manage multiple initiatives.