Information Security Manager

9 - 14 years

20 - 30 Lacs

Posted: 9 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

SUMMARY

Role: Information Security Manager

Base location: Bangalore, Chennai, Mumbai, Pune & Hyderabad

Key Responsibilities:

Security Architecture Review & Threat Modeling:

  • Conduct security architecture reviews for applications, cloud environments, and IT systems to identify risks.
  • Perform threat modeling (e.g., STRIDE, PASTA, MITRE ATT&CK, DREAD) to assess potential attack vectors and weaknesses.
  • Analyze authentication, encryption, and access control mechanisms within application and system architectures.
  • Review security controls against industry standards and organizational policies (e.g., NIST, ISO 27001, OWASP, CIS Controls, TISAX).
  • Provide secure design recommendations to mitigate identified risks.

Application & Cloud Security Assessment:

  • Assess web, mobile, and cloud-based applications for security risks and misconfigurations.
  • Evaluate API security, microservices architectures, and containerized environments for vulnerabilities.
  • Validate implementation of IAM, Zero Trust, network segmentation, and encryption standards.

Security Risk & Compliance Evaluation:

  • Identify security gaps in applications and infrastructure and recommend compensating controls.
  • Ensure compliance with GDPR, SOC 2, PCI-DSS, ISO 27001, TISAX, and other relevant security frameworks.

Collaboration & Reporting:

  • Create comprehensive reports detailing identified risks, mitigation strategies, cloud-specific controls, data flow diagrams, trust zones, and improvement recommendations.
  • Collaborate with stakeholders to develop and refine the enterprise security architecture and threat modeling strategies.



Requirements

Qualifications & Experience:

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
  • Over 9 years of experience, including 3+ years of experience in security architecture review, threat modeling, and risk assessment.
  • Strong expertise in threat modeling frameworks such as STRIDE, PASTA, MITRE ATT&CK, OWASP ASVS.
  • Knowledge of cloud security (AWS, Azure, GCP), API security, and microservices architecture.
  • Familiarity with IAM, Zero Trust, MFA, RBAC, PAM, and network security principles.
  • Experience in secure SDLC, DevSecOps, and security assessment.
  • Hands-on experience with security assessment tools (e.g., Microsoft Threat modeling, Microsoft Visio).
  • Understanding of penetration testing methodologies, security misconfigurations, and application security risks.

Preferred Certifications:

  • CISSP (Certified Information Systems Security Professional)
  • CSSLP (Certified Secure Software Lifecycle Professional)
  • CCSP (Certified Cloud Security Professional)
  • AWS/Azure Security Certifications
  • CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional)

