Deputy Manager - Information Security

Maintain Documentations (Such as, policies, Processes etc.)

• Develop and implement information security policies, procedures, and guidelines to protect organizational data, systems, and networks.
• Regularly review and update policies to reflect changes in the threat landscape and business requirements.

Implement Security by Design principles

• Design secure IT infrastructure and networks across on-premise, cloud, and hybrid environments.
• Establish a technical security management system that aligns with local security regulations and industry best practices.
• Review the appropriateness of security and provide security guidance and requirements for new services, systems, and data centers (IDCs) to ensure asset security.

Proactive Threat Protection

• Implement and manage robust security controls, including firewalls, intrusion detection/prevention systems, antivirus software, and encryption tools
• Proactively monitor the threat landscape, staying current with the latest vulnerabilities and industry best practices.
• Monitor and analyze security logs and alerts to promptly detect and respond to security incidents.
• Investigate and resolve security breaches, incidents, and unauthorized access attempts
• Manage physical security controls, including access systems and regular access reviews

Security Assessments & Compliance

• Conduct regular security assessments and audits to identify and remediate vulnerabilities.
• Perform risk assessments and recommend mitigation strategies.
• Continuously improve the effectiveness of security controls and processes
• Respond to regulatory inquiries and support external audits and certifications.

Stakeholder Collaboration (internal / external)

• Partner with external security vendors to enhance the organization’s security posture.
• Collaborate with cross-functional teams to integrate security into new systems and technologies.
• Work with HQ to ensure compliance with global security policies.

User training/ Awareness

• Develop and deliver security awareness training programs to educate employees on information security best practices.

Provide quarterly program updates to the Information Security Steering Committee, including an annual report on the cybersecurity program and key risks.