The Senior IT Security Manager role is the process, standards and procedures subject matter expert in on how to identify and protect the IT environment, detect and respond to cyber threats, and ensure the recovery in the event of a cyber disaster or other security critical incident. The job holder is responsible for overseeing the management of cyber risk and control programs including vulnerability management, 3rd party risk assessment, and the cyber security controls program.

• Responsible for conducting risk audits and assessments, evaluating IT security plans for effectiveness, and integrating IT security policies with business operations.
• Oversee experts whom discover, assess, manage, and mitigate security risks.
• Responsible for managing the quality of output of the technical experts while also building & executing the tactical and strategic plans to address these identified risks;
• Develop & maintain technical experts in a very quickly evolving technical landscape, while keeping teams communicating, motivated, even with a given fixed set of resources.
• Ensure that the organization’s information security program is compliant with regulatory requirements. This includes monitoring changes to regulatory requirements and ensuring that the organization’s information security program is updated accordingly.
• This role is primarily responsible over two key security capabilities; Security Operations & Security Engineering. This role also oversees several specialist roles responsible for Vulnerability Management, Cyber Risk Management, Cyber Controls Management, and Identity & Access Management.
• Coordinate with global stakeholders, vendors and suppliers.
• Assess vendor risks, review vendor contracts or terms of service, and help different teams within the organization understand third-party risks and data privacy issues.

• 8-10 years working experience in information technology including 3-5 yrs. people management experience
• Good multi-platform knowledge. Experience in Windows, Linux, Mac, Android, AWS, Azure, IP Network, firewalls, Office 365, etc.
• Security functional knowledge including: EDR, SEIM/SOAR, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
• Experience in defining and implementing security solutions, policies, and technologies relating to Identity Management, Information Protection etc., with experience in Business Continuity/ Disaster Recovery implementations and executions.
• This role must have technical expertise in security architecture, enterprise architecture, IT strategy, and security concepts related to networking, endpoint security, cloud technology, cyber attack techniques, and incident handling procedures. This requires deep domain knowledge in many technical areas, but also extends to business processes such as regulations, legal, and human resources.