Information Security Manager
CORE PROFILE
The Information Security Governance, Risk and Compliance (GRC) Manager is a people manager role within the Information Security Governance and Operations department. The scope includes all aspects of Governance, Risk Management and Compliance as it relates to Information Security of the Maya Group. The incumbent is expected to lead the InfoSec GRC team composed of individuals with technical and non-technical backgrounds within the InfoSec GRC domain. The role owns the GRC program and is expected to work closely with senior leaders in the company, particularly those in Technology, Risk and Compliance, Legal, and People Group as primary stakeholders.
NATURE OF WORK
- Be the central, authoritative source of Information Security Risk information.
- Develop and maintain Key Performance Indicators and Key Risk Indicators for existing Information Security Program components.
- Oversee the external party infosec risk management program.
- Ensure compliance with information security regulations and laws.
- Maintain cybersecurity certifications (ISO 27001, PCI DSS) and lead future certification efforts.
- Develop, maintain and enforce security policies.
- Educate employees and external parties on Information Security as it relates to their functions.
- Ensure effective and efficient execution of key Information Security controls through various testing and assessment techniques.
REQUIRED QUALIFICATIONS:
- College degree holder
- Expert understanding of Information Security Risk, Audit and Control principles
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Auditor or Implementer
- Certified Information Systems Security Professional (CISSP)
- Payment Card Industry Professional (PCIP)
- Operational knowledge of global Information Security program frameworks such as the NIST Cybersecurity Framework and MITRE ATT&CK
- Proven experience in leading compliance projects in the financial services industry
- Experience in managing law enforcement and regulator expectations
- Hands-on experience in implementing and using an InfoSec GRC tool
- Proven ability in mentoring rising leaders, leading teams and presenting information to senior management