Information Security Manager

JOB DESCRIPTION

Summary / Objective

Essential Functions

1. Develop, maintain and implement information security policies, procedures, controls and guidelines.
2. Monitor and manage security infrastructure such as firewalls, IDS/IPS, and system logs.
3. Perform regular health monitoring, upgrades and maintenance.
4. Manage real time security threats & incidents to identify and quarantine threats.
5. Assist in process, assessment and implementation of annual PCI DSS certification.
6. Coordinate and Conduct periodic Vulnerability and Penetration Testing exercises.
7. Co-ordinate with other departments and address their requirements regarding security compliance.
8. Provide security awareness & secure code training.
9. Recommend and ensure the implementation of defensive functions (e.g., encryption, access control, and identity management) to reduce systems exploitation opportunities.
10. Provide recommendations for security gaps mitigation.
11. Productively evaluate and recommend new security technologies that can enhance company information security.
12. Manage incident response (IT / Information Security) and support systems.
13. Review infrastructure technology vendor contracts and risk assessment.
14. Monitor & review firewall rules and configuration.
15. Respond to security breaches and network emergencies as necessary.
16. Document all support and maintenance activities in accordance with internal policies.
17. Responsible for maintaining and updating the Information Security Risk Register.
18. Assist in the development, testing, and maintenance of the organization’s business continuity and disaster recovery plans from a security perspective
19. Conduct security due diligence on third-party vendors and partners; evaluate contractual terms and SLAs to ensure security requirements are met.

Competencies

1. Strong knowledge in penetration testing & Vulnerability assessment, using industry-standard tools and methodologies.
2. Have good experience in programming / scripting language at least in of the following: PHP, JAVA, or Go.
3. Have good experience in bash scripting.
4. Have good experience in code review with ability to identify and remediate code-level vulnerabilities.
5. Implementation experience with security solutions such as: WAF, IPS, SIEM, LDP.
6. Good knowledge of the top 10 OWASP application security risks and mitigation techniques.
7. Good knowledge of PCI DSS standard and experience participating in audits and remediation processes.
8. Have knowledge of mobile applications security assessment.
9. Strong knowledge of internet standards and protocols including TCP/IP.
10. Strong skills in information security governance, including policy development, procedure writing, and risk documentation.

Preferred Education and Experience

1. Bachelor’s degree in computer science or equivalent.
2. At least +5 years of experience in information security / security engineering or similar roles.
3. Security Certificate in security field such as (CISSP, CISM, OSCP, CEH – Security+,CCNA) is a plus.
4. Previous experience working in a payment gateway of banking facility is a plus.