Senior Manager - Information Security
Envestnet
India, Kerala, Trivandrum
Full-Time
On-site
Posted 3 weeks ago
Apply by May 4, 2026
Job Description
The Manager/ Senior Manager – Information Security will be instrumental in developing, evaluating, and ensuring alignment with cybersecurity controls and policies, maintaining compliance with standards, and embedding security into the organization’s products, services, and technology infrastructure. This position demands a subject matter expert capable of bridging the gap between security policy, risk, and technical implementation. A solid understanding of the latest security frameworks and technologies, including Cloud and AI, is essential to effectively inform and support risk-based decision-making.
Key Responsibilities
Cybersecurity Policy & Governance
- Working knowledge of frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, NIST AI Risk Frameworks. The candidate will have an evolved understanding of the regulatory landscape for Information Security and Data Protection for the financial sector.
- Convert identified security risks into policy requirements while ensuring alignment with business objectives.
- Work with security, engineering, architecture, and operational teams to confirm that policies are technically feasible and provide guidance on implementing and enforcing controls.
- Drive enhancement of the security program, including developing and maintaining policies, standards, guidelines, procedures, and updating to ensure alignment with relevant industry frameworks.
- Review, assess, mature and manage security policy, processes and procedures and their implementation; develop and enhance an up-to-date information security program based on NIST and other applicable industry-standard frameworks.
- Enhance and/or establish the model and process for managing the development and ongoing maintenance of security policies and standards; manage an effective exception process to facilitate and manage requests for non-compliance with policies, standards and baselines.
- Function as a security specialist, providing advisory support or directly conducting comprehensive risk assessments and control gap analyses across services, products, infrastructure, and applications.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Offer recommendations and guidance on effective risk mitigation strategies that align with business objectives and maintain appropriate security standards.
- Track emerging threats, evolving industry standards, best practices, and regulatory changes in order to proactively advise on necessary updates to policies, controls, or other measures required to strengthen and modernize our risk management posture.
- Experience with effective evidence and 2nd line risk management processes is critical for this role.
- Provide guidance on secure cloud, network architecture, segmentation, and system hardening.
- Work with engineering teams to monitor and maintain secure configurations and access controls.
- Lead or advise on security reviews of new technologies and system changes.
- Carry out Security Architecture Integration by conducting ongoing or targeted architecture reviews to confirm that security is incorporated, integrated, and verified in designs and implemented services.
- Establish and uphold architectural security principles throughout the technology and services ecosystem.
- Assess and integrate security tools and technologies to support the enterprise security posture.
- Maintain documentation and evidence repositories to facilitate internal and external support.
- Utilize platforms such as SharePoint and Jira to ensure optimal assessment preparedness.
- Collaborate with control owners to monitor, address, and close findings efficiently.
- Enhance and/or establish the model and process for managing independent assurance, testing and attestations. Support the management and execution of all structured assessments, helping business and operational areas proactively minimize risk and the possibility of findings.
- Develop and implement cybersecurity awareness programs designed for both technical and non-technical teams.
- Prepare concise communications regarding policy changes, risk advisories, and incident notifications.
- Deliver training sessions to stakeholders on security controls and risk management procedures.
- Bachelor’s / Master’s degree in Information Security, Computer Science, or related field.
- 10–15 years of experience in Information Security with a strong focus on risk management, network security, and security architecture.
- Hands-on experience in system/network administration (Windows/Linux/Cloud).
- Deep understanding of frameworks such as ISO 27001, NIST, PCI DSS, and COBIT.
- Proven experience in drafting and implementing security policies and technical standards.
- Strong knowledge of identity lifecycle management and access governance.
- Experience with audit documentation and evidence management tools (e.g., SharePoint, Jira).
- Excellent communication and stakeholder engagement skills.
- Certifications: CISSP, CISM, CISA, CRISC, or equivalent.
- Experience with GRC platforms and risk assessment methodologies.
- Familiarity with regulatory standards such as GDPR, CCPA, and other data protection laws.
- Exposure to cloud platforms (Azure, AWS) and security tools (e.g., Defender, CrowdStrike, Tenable).
- Knowledge of enterprise architecture frameworks and secure design principles.