
Information Security Manager

Job in New Haven, New Haven County, Connecticut, 06540, USA
Listing for: Top Prospect Group
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below

Information Security Operations is a hands‑on leadership role that is responsible for the design, performance, planning, budgeting, securing, monitoring, and integration of Cybersecurity initiatives. You will play a crucial role in refining and creating processes related to the Risk Management Framework (RMF), threat/vulnerability analysis, penetration testing, and reporting exercises. Your primary objective is to enhance cybersecurity capabilities and incident threat response processes to ensure they meet company requirements and industry standards.

  • Deliver on cybersecurity initiatives. Coordinate with internal teams and external vendors to ensure that cybersecurity resilience is tested frequently.
  • Oversee audits and evaluations of the cybersecurity environment. Manage the planning, documentation, testing, integration, and execution of cybersecurity projects, including annual budgeting and coordination of vendor responsibilities.
  • Security Policies: Establish and enforce security policies, procedures, and guidelines to protect digital assets, sensitive trade data, and intellectual property. Design and implement security controls for networks, systems, and applications.
  • Risk Management: Assist in the development and maintenance of our Risk Management Framework (RMF) processes and documentation. Conduct regular risk assessments, vulnerability assessments and scans, and penetration tests on our infrastructure, applications, and networks to identify and address potential risks, and develop risk mitigation plans to safeguard the organization against cyber threats and vulnerabilities. Be responsible for business fraud investigation and mitigation. Analyze security controls and provide recommendations for improvements.
  • Incident Response: Proactively search for threats and vulnerabilities within our environment. Conduct incident handling and coordination, ensuring a rapid and effective response to security events. Create and maintain an effective incident response plan, ensuring timely and efficient recovery from security breaches and disruptions. Monitor security logs and respond to security incidents in a timely manner and defend our systems against cyber threats.
  • Incident Investigation and Forensics: Carry out thorough research and investigation on security incidents. Work with internal teams and external vendors to conduct research and forensics. Provide incident detection, analysis, and response, helping to improve our overall security posture.
  • Regulatory Compliance: Ensure compliance with all related regulatory bodies. Ensure that all cybersecurity activities are conducted in accordance and compliance with all regulatory and government policies, standards, and requirements.
  • Security Awareness: Develop and oversee a security awareness program to educate employees, members, and stakeholders about security awareness and best practices in cybersecurity.
  • Vendor Security: Evaluate and monitor the security practices of third‑party vendors, partners, and service providers. Collaborate with the internal teams and external vendors to assess, document, and authorize information systems using the RMF.
  • Stakeholder Collaboration: Collaborate with internal and external stakeholders, such as customs authorities, shipping partners, and regulatory bodies, to ensure security standards and trade compliance. Collaborate with IT and development teams to integrate security measures into the design and implementation of systems.
  • Reporting: Provide regular reports and updates to executive management and the board of directors on the state of cybersecurity and compliance. Maintain accurate records of all activities, including findings, actions taken, and recommendations for improvement. Develop reports and documentation related to cybersecurity exercises and events.
Qualifications and Requirements
  • Bachelor's or Master's degree in Information Security, Computer Science, or equivalent and appropriate work experience.
  • Industry‑recognized certifications, such as CISSP, CISM, or CISA.
  • Knowledge of threat/vulnerability analysis, penetration testing, and red‑team/blue‑team exercises.
  • Proven experience as an Information Security Engineer or similar role.
  • Strong knowledge of information security principles and best practices.
  • Experience with security technologies, including firewalls, IDS/IPS, antivirus, and encryption.
  • Familiarity with security frameworks and compliance standards (e.g., ISO 27001, NIST, GDPR).
  • Hands‑on experience with security tools and technologies.
  • Proven experience in a leadership role in information security, with at least 5‑8 years of relevant experience.
  • Experience evaluating and managing cyber risk and working within industry‑standard frameworks (e.g., NIST Cybersecurity Framework, CIS Top 20, NIST 800‑XX, etc.).