Information Security Manager - The Recruitment Company Australia
  • Dublin, County Dublin, Ireland
  • via ClickaJobs (1)
Job Description

The Information Security Manager is responsible for establishing and maintaining a comprehensive and strategic information security program across the organisation. This role ensures that all information assets are adequately protected and oversees the coordination of all information security efforts, ensuring compliance with relevant regulatory and industry standards such as PCI, ISO, ITIL, SOC, CIS, and DORA.

Key Responsibilities:

Strategic Leadership: Develop and implement security policies, practices, and standards aligned with the company’s business strategy. Oversee security functions related to IT systems, networks, applications, and communications, ensuring secure access and use of information assets by employees, vendors, and customers. Collaborate across business units to execute the information security strategy.

Risk Management: Assess the organization’s risk tolerance and implement appropriate security measures. Foster a security-aware culture within the corporate environment. Identify, evaluate, and report on security risks and projects to stakeholders, including the Board of Directors.

Business Continuity & Disaster Recovery: Develop and implement business continuity and disaster recovery policies. Coordinate plans to ensure critical business services are recoverable in the event of a disaster. Provide guidance and consultation on these areas.

Stakeholder Collaboration: Influence and guide senior leaders on complex cybersecurity issues. Exercise sound judgment in managing staff, collaborating with peers, and enforcing cybersecurity policies.

Security Operations: Conduct risk assessments, identify potential threats, and implement measures to mitigate risks. Monitor network and system logs, investigate security events, and take appropriate actions. Participate in incident response and provide technical support during investigations.

Collaboration & Architecture: Work closely with IT, DevOps, and development teams to design, implement, and maintain secure application and network architectures. Stay updated on emerging security threats, technologies, and trends, and recommend enhancements to the security program.

Compliance & Audits: Lead PCI DSS 4.0 audits and manage the implementation and transition to the ISO 27001:2022 standard. Complete third-party risk assessments and ICT questionnaires. Conduct regular security audits, vulnerability scans, and penetration tests to maintain the organization’s security posture.

Training & Support: Provide security awareness training and best practices to employees. Respond to security-related inquiries and assist with incident resolution.
