Information Security Manager

Responsibilities:

• Protects both internal service delivery assets and client facing managed services
• Compliance & Auditing: Ensure strict alignment with industry-standard frameworks (e.g., ISO 27001, PCI-DSS). Lead governance adherence, internal audits, and external client compliance assessments
• Stakeholder & Client Management:
• Serve as the primary point of contact for client security inquiries, presenting security metrics, risks, and proposed mitigation controls
• Direct engagement with customer to provide technical expertise and guidance regarding the optimization of the managed security environment
• Policies and Governance:
• Work closely with stakeholders, review security policies of the existing environment
• Direct the development, implementation, and enforcement of InfoSec policies, cybersecurity roadmaps, and incident response plans
• Develop, implement, and maintain the firm's sustainable information security framework, policies, and risk management plans
• Operational and Implementation:
• Establishes, implements, and upgrades an organization's cybersecurity measures to protect networks and systems from potential attacks
• Coordinate rapid triage, response, and post-mortems for any security breaches or service disruptions
• Execute existing configurations, security policies and identify areas of improvement
• Provide analysis report on existing current and areas of improvement
• Create Security Awareness:
• Collect existing materials of security awareness. Prepare for the security awareness training
• Vendor Management: Manage third-party technology vendor licensing, relationships, and budget planning

Key Requirements & Qualifications:

• Education & Certifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Industry-recognized certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are highly preferred
• Experience: 5+ years of combined experience in IT security, risk management, and physical security management, preferably within a Managed Service Provider (MSP/MSSP) setting
• Technical Acumen: Strong knowledge of security architecture, including SIEM, SOAR, EDR/XDR, firewalls, and vulnerability management
• Soft Skills: Exceptional stakeholder management, crisis leadership, and problem-solving abilities to navigate complex, fast-paced environments