Associate Manager - Information Security

Description

This role is pivotal in ensuring that practices align with regulatory requirements, internal policies, and industry best practices. The ideal candidate will have experience with Cybersecurity policy management, Awareness and training and a strong understanding of security frameworks such as PCI DSS, ISO 27001, NIST, and COBIT.

Key Responsibilities:

Cybersecurity Policy Development & Governance

• Develop, review, and maintain cybersecurity policies, standards, and guidelines.
• Ensure alignment with global frameworks such as ISO 27001, NIST, and GDPR.
• Collaborate with cross-functional stakeholders to drive policy adoption and compliance.
• Maintain and enhance governance documentation including policies, standards, and procedures.
• Risk & Compliance
• Conduct gap assessments to identify policy and control deficiencies.
• Recommend and implement improvements to strengthen the security posture.
• Support internal and external audits by providing relevant documentation and evidence.
• Monitor regulatory and industry changes to ensure timely policy updates.
• Communications & Awareness
• Design and execute cybersecurity awareness campaigns and training programs.
• Draft clear, concise communications for policy updates, incident notifications, and best practices.
• Act as a liaison between technical teams and business units to ensure effective communication.
• Lead the annual review and refresh of security information presentations in collaboration with subject matter experts.
• Training & Stakeholder Engagement
• Conduct regular training sessions for the Service Management (SM) team on security controls and client-specific requirements.
• Coordinate SME participation in quarterly meetings and training initiatives.
• Facilitate knowledge sharing and engagement across teams to promote a security-first culture.

Audit Readiness & Documentation Management

• Maintain and organize SharePoint and Jira spaces for audit readiness and evidence tracking.
• Ensure documentation is up-to-date, accessible, and aligned with audit and compliance requirements.

Required Qualifications:

• Bachelor’s / master’s degree in information security, Computer Science, Information Technology, or a related discipline.
• 10 –12 years of progressive experience in Information Security, with a strong focus on cybersecurity policy development, governance, and communications.
• In-depth knowledge of global cybersecurity frameworks and standards such as ISO 27001, NIST, PCI DSS, and COBIT.
• Demonstrated experience in drafting, reviewing, and maintaining security policies, standards, and procedures.
• Strong understanding of identity lifecycle management and User Access Review (UAR) processes.
• Proven ability to manage documentation and audit readiness using platforms like SharePoint and Jira.
• Excellent communication skills, with the ability to translate complex technical concepts into clear, business-friendly language.
• Experience in conducting cybersecurity awareness programs and stakeholder training sessions.
• Strong analytical and organizational skills, with the ability to work independently and lead cross-functional initiatives.

Preferred Qualifications:

• Professional certifications such as CISSP, CISA, CISM, CRISC, GIAC
• Experience with GRC platforms.
• Prior involvement in internal and external audit processes, including evidence preparation and stakeholder coordination.
• Familiarity with legal and regulatory standards such as GDPR, CCPA, FERPA benchmarks, and other data protection laws.
• Experience in leading cybersecurity communications during incidents and policy rollouts.