Deputy Manager - Information Security

Birlasoft Limited

Noida

Not disclosed

Work from Office

Full Time

Min. 7 years

Job Details

Job Description

Deputy Manager-Infosec

Area(s) of responsibility

Education: Bachelor’s degree in Science, Information Systems, Cyber Security, or a related field

 

Role & responsibilities:

Information Security & Risk Management

  • Own and continuously improve the Information Security Risk Management framework, including risk identification, assessment, treatment, and monitoring across business units.
  • Maintain and govern the enterprise risk register, KRIs, and mitigation tracking in alignment with organizational risk appetite.
  • Provide expert guidance on security risk scenarios, emerging threats, and control effectiveness.

External Audit & Compliance Management

  • Lead and manage external audits and certifications, including:
      • ISO/IEC 27001:2022
      • ISO/IEC 27701:2019
      • SOC 2 Type 2
      • NIST CSF
      • PCI DSS
  • Act as the single point of contact for certification bodies, auditors, and customer assessors.
  • Ensure timely closure of audit findings, non‑conformities, and observations with sustainable corrective actions.

GRC & Policy Governance

  • Define, review, and enforce information security, privacy, and risk governance policies, standards, and procedures.
  • Support enterprise GRC initiatives, including regulatory mapping, control rationalization, and compliance reporting.
  • Align internal controls with contractual obligations (MSAs, DPAs, client security clauses).

Internal Audit – Departmental Audits

  • Plan, execute, and report internal audits for IT and non‑IT departments in line with ISO standards and organizational policies.
  • Prepare and maintain the annual internal audit calendar and audit programs.
  • Track audit findings, validate remediation, and report status to senior management.

Client & Stakeholder Management

  • Support customer security audits, questionnaires, and due‑diligence assessments.
  • Provide risk and compliance inputs for RFPs, proposals, and client governance forums.
  • Engage with senior leadership to present risk posture, audit outcomes, and improvement roadmaps.

Continuous Improvement & Awareness

  • Drive continuous improvement initiatives for ISMS, PIMS, and control maturity.
  • Support security awareness and compliance training initiatives across the organization.

 

Skills Required:

  • 7-9 years of experience in Information Security, Risk Management, Compliance, or Internal/External Audits.
  • Hands‑on experience managing ISO 27001, ISO 27701, SOC 2, NIST CSF, and PCI DSS audits.
  • Proven exposure to enterprise GRC frameworks and multi‑client audit environments.
  • Strong understanding of risk management, audit methodologies, and compliance frameworks.
  • Reports on Information Security / GRC Leadership
  • Works closely with IT, Legal, HR, Procurement, Delivery, and Client Governance teams

 

Certifications (Preferred / Mandatory)

  • ISO/IEC 27001 Lead Auditor / Lead Implementer (Mandatory or strong preference)
  • One or more of: CISA, CISSP, CRISC

Experience Level

Senior Level

Job role

Work location

INDIA - NOIDA- BIRLASOFT OFFICE, IN

Department

Risk Management & Compliance

Role / Category

Risk Compliance

Employment type

Full Time

Shift

Day Shift

Job requirements

Experience

Min. 7 years

About company

Name

Birlasoft Limited

Job posted by Birlasoft Limited
