Who you are

• This strategic leadership role requires a unique blend of technical security expertise and a deep understanding of business processes
• 8-10 years of relevant experience combined with +1 year of team management
• Cloud Security Expertise: Deep knowledge of securing cloud environments like AWS, Azure, or GCP
• Regulatory and Compliance Acumen: In-depth understanding of the laws, regulations, and standards relevant to the organization's industry and geographic locations
• Network Security: A strong understanding of firewalls, intrusion detection/prevention systems, and secure network architecture
• Identity and Access Management (IAM): Proficiency with Single Sign-On (SSO) and Multi-Factor Authentication (MFA)
• Endpoint Security: Experience protecting employee devices and servers from threats
• Audit Management: Proficiency in managing both internal and external audits, from planning and evidence gathering to responding to findings and tracking remediation
• Vulnerability Management: The ability to identify, assess, and remediate vulnerabilities in corporate systems
• Leadership and Communication: You can clearly articulate complex security concepts to both technical and non-technical audiences, influencing stakeholders across the organization
• Strategic Thinking: The ability to align security initiatives with broader business objectives
• Problem-Solving: The capacity to remain calm under pressure and make critical decisions during a security incident
• Professional certifications such as CISSP, CISM, or similar

What the job involves

• As our Manager, Information Security & GRC, you will be the architect and cornerstone of our integrated risk management and internal security programs
• You will be responsible for safeguarding our corporate assets, data, and employees by developing and maturing our Governance, Risk, and Compliance (GRC) framework
• You will not only manage our security posture but also ensure the entire organization makes risk-informed decisions aligned with our strategic objectives
• Develop and enforce security policies and procedures, establishing clear guidelines for everything from data handling to acceptable technology use
• Implement and manage data protection and privacy measures to ensure compliance with relevant regulations
• Align the security program with our overall GRC strategy, ensuring a unified controls framework that efficiently meets multiple compliance and governance requirements (e.g., ISO 27001, SOC 2, GDPR)
• Lead the incident response process, from initial detection and containment to eradication and recovery
• Establish and manage the Enterprise Risk Management (ERM) program, including defining the corporate risk appetite, conducting risk assessments, and maintaining a central risk register
• Educate employees on current threats and best practices to foster a company-wide security-conscious culture
• Manage vendor and third-party risk, ensuring all external partners meet our security standards
• Collaborate closely with IT and other departments to ensure security is seamlessly integrated into all corporate systems and processes

Benefits

• We take mental health seriously
• Paid time off
• Self-care is not selfish
• Personal spending amount
• Financial support for home office upgrading
• Financial support for home internet and mobile phone costs
• Visier Gimes program for PTO
• Leadership and support training
• Career development & mentorship