Manager - Cyber Security - IT

Job Description

Experience : 5 to 10 years

1. Bachelor's degree in Computer Science, Information Systems, or equivalent education or work experience

2. Cybersecurity Certification shall be an added advantage

3. Cyber Security Manager will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security plan for platforms across Enterprise IT, will manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality.

4. This position reports to Head of Enterprise IT Security

Roles and Responsibilities:

1. Develop and Implement Cyber Security Strategy:

a) Develop and implement a comprehensive cyber security strategy aligned with the organization's goals and objectives.

b) Identify potential cyber security risks and vulnerabilities and devise strategies to mitigate them.

c) Stay updated with the latest industry trends, emerging threats, and best practices in cyber security and data privacy.

2. Manage Incident Response and Recovery:

a) Develop and maintain an incident response plan to effectively respond to and manage cyber security incidents.

b) Manage the incident response team in investigating and containing security breaches, minimizing the impact and ensuring timely recovery.

c) Coordinate with internal stakeholders, legal teams, and regulatory bodies during incident response and reporting..

3. Conduct Risk Assessments and Vulnerability Management:

a) Perform regular risk assessments and vulnerability scans to identify and prioritize potential threats and vulnerabilities.

b) Collaborate with IT teams and system administrators to remediate identified vulnerabilities and implement appropriate security controls.

c) Monitor and report on the effectiveness of vulnerability management efforts.

4. Ensure Data Privacy Compliance:

a) Ensure compliance with relevant data privacy regulations, such as GDPR, CCPA, or industry-specific standards.

b) Establish and maintain data privacy policies, procedures, and controls to protect sensitive data.

c) Conduct regular privacy impact assessments and audits to identify and address any privacy gaps or risks.

d) Certification will be added advantage or atleast training on data privacy.

5. Manage Security Awareness and Training:

a) Develop and implement security awareness programs to educate employees on cyber security best practices and data privacy.

b) Conduct regular training sessions to increase employee awareness and understanding of potential threats and their role in maintaining data privacy.

c) Develop a security-conscious culture within the organization and encourage a proactive approach to cyber security.

6. Collaborate with Stakeholders:

a) Collaborate with internal stakeholders, such as IT teams, legal, HR, and senior management, to align cyber security initiatives with business objectives.

b) Work with external partners, vendors, and customers to ensure secure handling and exchange of data and information.

7. Monitor and Manage Security Controls:

a) Coordination with SOC team - Monitor security incidents, conduct investigations, and prepare reports for senior management and relevant stakeholders.

b) Oversee the implementation and management of security controls, including firewalls, intrusion detection systems, encryption technologies, and access controls.

c) Regularly review and update security policies, procedures, and guidelines to address evolving threats and technological advancements.

8. Continuously Improve Cyber Security Practices:

a) Regularly assess and evaluate the effectiveness of cyber security measures, policies, and procedures.

b) Identify areas for improvement and implement necessary changes to enhance the organization's cyber security posture.

c) Stay informed about emerging technologies and trends in cyber security and data privacy to proactively adapt and enhance security practices.