As the Information Security Manager, you will play a vital role in assisting Franklin Madison with protecting the confidentiality, integrity, and availability of sensitive information assets, including critical data. You will work under the guidance of IT and Risk Management in assisting in the implementation, monitoring, and maintenance of security measures across various teams, systems, and networks. This role requires a strong understanding of information security principles, control frameworks, technical expertise, and a commitment to continuous learning and improvement.
Key Responsibilities:
Security Governance & Policies:
- Participate in the development and maintenance of the organization's overall security governance framework.
- Develop, maintain, and communicate the organization's information security strategy, policies, standards, and guidelines.
- Align security initiatives with business objectives, risk tolerance, and industry trends.
- Continuously assess and update security policies to address emerging threats and vulnerabilities.
Security Compliance, Audit & Controls:
- Ensure compliance with relevant laws, regulations, and industry standards (e.g., SOC, PCI DSS, ISO 27001).
- Monitor and maintain oversight of controls supporting the company’s SOC2 assessment and PCI DSS requirements.
- Coordinate and participate in annual assessments.
- Support client due diligence requests (questionnaires, assessments, etc.) related to information security.
- Conduct regular reviews across teams to ensure compliance with the control environment.
- Participate in the evaluation and selection of security technologies.
Incident Reporting & Vulnerability Management:
- Document security incidents, investigations, and remediation actions taken.
- Assist in conducting regular vulnerability assessments and penetration tests on systems and networks.
- Work with IT teams to ensure prioritization and remediation of identified vulnerabilities.
- Generate reports on security incidents, vulnerabilities, and other relevant metrics for management review and potential action.
Security Awareness and Training:
- Assist in developing security awareness programs to educate employees on best practices and security policies.
- Support the implementation of security training initiatives and maintain awareness of emerging threats and trends.
Continuous Improvement:
- Stay abreast of the latest security trends, vulnerabilities, and technologies through ongoing learning and professional development.
- Proactively identify areas for improvement within the organization's security posture and propose recommendations.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, Cyber Security, or a related field (or equivalent work experience).
- Strong knowledge of information security principles, best practices, and industry standards.
- SOC, PCI, and ISO knowledge and experience preferred.
- Experience with security risk assessment methodologies and tools.
- Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels.
- Basic understanding of networking protocols, operating systems, and web applications.
- Knowledge of vulnerability assessment tools and techniques.
- Excellent analytical and problem-solving skills.
- Effective communication and collaboration skills.
- Ability to work independently as well as collaborate with the team.