IT Security Manager

Reporting To: Senior Director, IT

About the Role

We are seeking an experienced Information Security Manager to lead and strengthen our information security program across regional operations. This role will be responsible for cybersecurity governance, risk management, compliance, security operations oversight, and incident management to ensure the protection of business systems, data, and technology assets.

The successful candidate will work closely with IT, business stakeholders, and external partners to drive security initiatives, manage cyber risks, and ensure compliance with regulatory and industry requirements.

Key Responsibilities

• Develop, implement, and maintain information security policies, standards, and procedures.
• Drive the organization's information security roadmap and governance framework.
• Monitor and report key security risks, compliance gaps, and remediation activities to management.
• Ensure alignment with industry standards and regulatory requirements.

• Oversee cybersecurity controls across networks, endpoints, cloud platforms, and enterprise applications.
• Monitor vulnerability management, patch compliance, logging, and incident response readiness.
• Collaborate with IT teams to continuously improve security controls and operational resilience.

• Manage identity and access management processes, including privileged access controls, multi-factor authentication (MFA), and access reviews.
• Support data protection initiatives including encryption, data classification, and secure information handling practices.
• Review security requirements for new systems, applications, and third-party integrations.

• Maintain the information security risk register and track remediation plans.
• Coordinate internal and external security audits, compliance reviews, and third-party assessments.
• Support compliance with security frameworks, standards, and regulatory requirements.
• Promote security awareness and best practices across the organization.

• Coordinate the response and investigation of significant cybersecurity incidents.
• Work closely with business stakeholders, IT teams, and external vendors on security-related matters.
• Present security updates, risk assessments, and recommendations to management.

Requirements

• Bachelor's Degree in Information Security, Cybersecurity, Information Technology, Computer Science, or a related discipline.

• Minimum 8 years of experience in information security, cybersecurity, risk management, governance, or compliance roles.
• Proven experience managing security governance, audits, risk assessments, and incident response activities.
• Experience supporting regional or multinational business operations is preferred.

Certifications

Candidates with one or more of the following certifications will have an advantage:

• CISSP
• CISM
• CISA
• ISO 27001 Lead Implementer or Lead Auditor

• Information Security Governance
• Cyber Risk Management
• Security Operations & Incident Response
• Identity & Access Management
• Audit & Compliance Management
• Stakeholder Management
• Strong Communication and Presentation Skills
• Analytical and Problem-Solving Skills

• Opportunity to lead regional cybersecurity initiatives.
• Exposure to multi-country operations and enterprise security programs.
• Collaborative and dynamic work environment.
• Opportunity to influence security strategy and governance at an organizational level.

Note: Regional travel and occasional after-hours support may be required.