Manager, Information Security
ADVITO
Lagunilla CR
hace 5 días

Job Summary :

The Manager of Information Security will work collaboratively across the BCD Travel organization to plan, direct and coordinate security compliance initiatives to ensure compliance with regulatory, legal and contractual obligations.

The Manager will align the security policy and standards with business need and will clearly communicate those needs into requirements actionable by the BCD Travel organization.

The Compliance Manager will also identify and report on the compliance, the effectiveness of the security controls and will support security posture improvement efforts of BCD Travel

Essential Duties and Responsibilities :

Foster a security positive culture :

  • Promote and exhibit collaboration and positive teamwork
  • Use a teaching / education approach to help users understand their risks and better protect information and systems.
  • Analyze, report and integrate security into daily business operations.
  • Build relationship and create value :

  • Provide high quality customer service by listening and understanding the needs of the users.
  • Evaluate and implement methods to continually improve security and assist business with reducing risks.
  • Leverage industry leading knowledge to analyze and assess gaps and provide recommendations for remediation
  • Demonstrate and employ consultative expertise to share opportunities to enhance security through improving business operations.
  • Comply with business requirements :

  • Study and understand the core functions and services that are provided by the business.
  • Be familiar with the security requirements and controls needed to maintain the business operations.
  • Translate business requirements into actionable security tasks.
  • Assess gaps and develop remediation plans
  • Integrate and implement security requirements into business requirements.
  • Continually evaluate effectiveness to achieve business objectives.
  • Validate the implementation of security policies, practices and systems' ability to maintain compliance to business requirements.
  • Demonstrate extensive mastery of security controls to meet legal, regulatory and contractual requirements
  • Utilize a risk based approach :

  • Stay current with industry trends and emerging technologies relating to Information Security.
  • Identify and communicate threats and vulnerabilities that could impact business operations.
  • Assess, document and communicate risks in context with business operations.
  • Develop and communicate remediation plans capable of reducing risk to the organization.
  • Assist business owners with prioritizing risks and consulting users on adequate compensating controls to reduce
  • Protect information :

  • Review and understand the security policies, procedures and standards
  • Assist with communication, implementation and analysis of compliance to security policies, standards and procedures
  • Assess and communicate security control strengths and opportunities with relevant stakeholders
  • Identify, classify and respond to threats using industry leading practices and in accordance with data classification
  • Develop, implement and report metrics to monitor use of information management investments and secure operations.
  • Implement and execute enterprise security governance framework
  • Report security performance :

  • Collect, calculate and format data for metrics reporting.
  • Analyze metrics and report trends and opportunities for improvement.
  • Develop, monitor and report security control effectiveness
  • Develop measurable goals and objectives
  • Communicate status of initiatives and their capabilities to meet business needs
  • Planning :

  • Understand the organization’s core competencies and the value delivered to business processes.
  • Drive operational efficiency through effective management of security staff and other supporting resources (people, financial and services).
  • Develop functional strategic direction to meet business requirements and security goals.
  • Direct, analyze and respond to resource constraints impacting program timelines and deliverables
  • Utilize skills in consulting, auditing and business process analysis to identify and communicate gaps to meeting security objectives.
  • Perform other information security projects / duties as needed
  • Team Management & Leadership

  • Manage human resources including hiring, coaching, scheduling, terminating, training, motivating, recognizing achievements and evaluating performance.
  • Perform or direct personnel recruiting, hiring, training, and separation. Exercise hiring and firing authority in coordination with HR.
  • Evaluate and manage employee performance and conduct periodic appraisals
  • Create Development Plans that promote employee growth, development and success
  • Education / Knowledge / Experience

  • Proven experience as compliance manager with minimum 5 years of information security compliance and risk management
  • Direct staff management (3 years)
  • Broad range of exposure to all aspects of IT security audit planning, audit methodologies, risk management methodologies and contract review
  • Expert level knowledge in various industry standards and best practices such as PCI, ISO / IEC 27001, SOCI I & II Certifications
  • Proven track record in managing and implementing information security governance, risk and compliance programs using industry leading solutions such as RSA Archer
  • Excellent business communication skills
  • Ability to work autonomously or as part of a team, within targets and deadlines
  • Proven experience working in a global organization with diverse cultural considerations and time zones
  • Degree / Master Degree in information security, information technology or related discipline
  • Security industry relevant certifications such as CISA, ISA, CISM, CISSP, CRISC, HISP, etc.
  • Information Security

    Reportar esta oferta
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación