WHAT DOES AN INFORMATION SECURITY MANAGER DO?
Published: Sep 9, 2025 - The Information Security Manager ensures the organization’s compliance with the Data Privacy Act, National Privacy Commission (NPC) guidelines, and international security standards such as ISO27001 and PCI. This role involves developing and implementing information security policies, managing risk-based protection of critical assets, overseeing third-party compliance, and leading incident management and breach reporting to the NPC. The Manager also sets the enterprise-wide security strategy, establishes security infrastructure and monitoring processes, and fosters strong relationships with vendors and regulatory bodies to safeguard data privacy and cybersecurity.

A Review of Professional Skills and Functions for Information Security Manager
1. Information Security Manager Overview
- Risk Analysis: Identify and analyze risks.
- Risk Treatment: Develop risk treatment strategies.
- Regulatory Compliance: Ensure compliance with laws and regulations such as GDPR and GxP.
- Policy Development: Create information security policies, procedures, and guidelines.
- Security Training: Train staff in information security best practices.
- Technology Utilization: Utilize modern, cost-effective technologies to protect the business.
- Audit Support: Support and supervise investigations and audits.
- Team Supervision: Oversee the daily tasks of other IT professionals.
- Change Management: Drive change in IT and across the business.
- Compliance Metrics: Create metrics and measure compliance.
- Report Development: Develop and present reports to management.
2. Information Security Manager Job Description
- Policy Management: Help develop, manage, audit, and enforce security-related policies and procedures.
- Business Continuity: Work with IT management to ensure Business Continuity program components are current, effective, and aligned with business requirements.
- System Design: Participate in the design and deployment of new software systems, services, components, and features.
- Compliance Management: Manage compliance activities and respond to security assessments and audits by ISO, clients, and other entities.
- Vulnerability Assessment: Manage periodic security vulnerability assessments and penetration testing.
- Patch Management: Manage the patch management program.
- Log Management: Manage system logs and security-related infrastructure.
- Incident Response: Manage incident response and support systems.
- Vendor Management: Manage and review infrastructure technology vendor contracts and risk assessments.
- Technology Innovation: Propose new technologies, products, designs, and processes to strengthen security.
- Stakeholder Relations: Develop professional working relationships with stakeholders, internal colleagues, and external providers.
3. Information Security Manager Functions
- IT Governance: Report to the IT Director and ensure best IT security and governance practices across the organization’s infrastructure and applications.
- Risk Assessment: Proactively assess the IT landscape to maintain the availability, integrity, and security of IT systems.
- Security Program: Develop and implement an information security program and plan.
- Application Security: Ensure application system security and compliance with internal and external regulations.
- Identity Management: Oversee identity management processes and controls.
- Security Monitoring: Manage effective and efficient security monitoring.
- Audit Participation: Participate in IT audits to ensure compliance and risk mitigation.
- Risk Committee: Chair the IT Risk Management Committee and establish processes for identifying and managing technology risks.
- Technology Evaluation: Evaluate and integrate security tools and emerging technologies to enhance organizational resilience against evolving threats.
- Collaboration: Collaborate with business units and project teams to embed security requirements into system design, procurement, and vendor management processes.
4. Information Security Manager Accountabilities
- Cross-Functional Collaboration: Work closely with Platform Operations, Development, Delivery, and Support.
- Corporate Security: Ensure appropriate controls are designed and operate effectively.
- Risk Assessment: Ensure risk assessments are undertaken and support teams in identifying and reporting risks.
- Risk Register: Maintain the risk register, ensuring risks are actively managed and treated.
- Policy Documentation: Ensure appropriate documentation is in place supporting the creation of policies, procedures, and standards for the ISMS and aligned to corporate security policies.
- Risk Reporting: Generate and maintain management reporting against Key Risk Indicators and establish treatment plans to address areas outside of risk appetite.
- ISMS Implementation: Support the establishment of the ISMS and strategy for achieving ISO27001 within agreed timescales.
- Control Reviews: Perform periodic control reviews to identify areas of control failure and/or ISMS non-compliance.
- Audit Management: Manage and maintain the internal and external audit schedule, ensuring relevant teams are well prepared and supporting audit activities.
5. Information Security Manager Job Summary
- Industry Awareness: Remain informed on trends and issues in the information security industry.
- Project Oversight: Manage and oversee large-scale or critical security infrastructure projects.
- Project Coordination: Coordinate security projects through progressive stages to achieve completion within specified time and budget constraints.
- Technology Updates: Stay current with advances and changes in IT security systems, technologies, and methodologies.
- Risk Analysis: Produce risk analysis reports and develop risk mitigation plans.
- Budget Management: Build and manage project budgets effectively.
- Problem Resolution: Recommend and direct the analysis and resolution of complex problems.
- Vendor Management: Manage vendor selection, contract negotiations, integration of vendor tasks into the work plan, and track and review vendor deliverables.
- Audit Support: Support internal and external auditors and perform audits in compliance with policies, regulations, and governance requirements.
- Policy Definition: Define policies for the administration of all computer security systems and auditing processes.
- Security Awareness: Develop and maintain an information security awareness program.
6. Information Security Manager Responsibilities
- Information Security Management: Manage the security of information systems assets and protect systems from intentional or inadvertent access or destruction.
- Intrusion Detection: Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Forensic Evaluation: Perform preliminary forensic evaluations of internal systems.
- Client Interaction: Interface with clients to understand their security needs and oversee the development and implementation of procedures to accommodate them.
- User Compliance: Ensure that the user community understands and adheres to the necessary procedures to maintain security.
- Risk Communication: Weigh business needs against security concerns and articulate issues to management and/or customers.
- Technology Knowledge: Maintain current knowledge of relevant technology.
- SOP Management: Guide the creation and maintenance of Standard Operating Procedures and other similar documentation.
- Security Assessment: Interact across the business to assess security performance.
7. Information Security Manager Details
- Policy Management: Own and maintain Group IT security policies, standards, and procedures.
- Audit Liaison: Act as POC for all IT Audit, Risk, and Compliance.
- Security Awareness: Promote and manage security awareness campaigns.
- Board Reporting: Provide reporting to the Group Board, Risk, and Audit Committees.
- Committee Reporting: Provide reporting to the Group subsidiary operations committees.
- Regulatory Guidance: Provide expert guidance on compliance with regulatory body guidelines, Central Banks, and EIOPA.
- Security Controls: Maintain and develop IT security controls.
- Project Review: Provide security review and due diligence of projects.
- Vulnerability Management: Develop a vulnerability management programme including regular vulnerability assessments, risk analysis, and remediation planning.
- Threat Mitigation: Stay in tune with threats and ensure they are mitigated.
8. Information Security Manager Duties
- Firewall Management: Manage firewall, intrusion detection, and prevention systems.
- Vulnerability Management: Manage vulnerability scanning and remediation plans.
- Access Protection: Protect information systems against unauthorized access.
- Log Management: Configure log aggregation and review logs for security events.
- Network Security: Install, configure, and manage network security software.
- Configuration Review: Review system configurations and advise on security best practices.
- Network Monitoring: Monitor network activity to identify issues early and communicate them to IT teams.
- Incident Response: Act on security breaches and malware threats.
- Security Training: Serve as a security expert and conduct training.
- Policy Support: Support the creation and maintenance of security policies and procedures.
- Security Audits: Conduct internal and external security audits.
- Threat Monitoring: Monitor and respond to emerging threats and ongoing best practices changes.
9. Information Security Manager Details and Accountabilities
- Firewall and VPN Management: Manage the team responsible for Corporate Firewall and VPN Operations.
- Metrics Development: Develop and maintain metrics to prove the effectiveness of the process and toolsets.
- Technical Ownership: Take responsibility for ownership and accountability in areas of recognized technical expertise.
- Technical Leadership: Provide technical leadership, guidance, and assistance across different segments for the firewall and VPN environments.
- Team Management: Recruit, hire, train, develop, and supervise the performance of information security professionals.
- Performance Reviews: Perform employee performance reviews and make compensation recommendations.
- Client Consultation: Consult with internal clients on security topics and policy interpretation.
- Technical Documentation: Be in charge of Technical Design and Documentation, ensuring engineering, operations, and process documentation exist and are updated.
- Incident Investigation: Respond to and investigate escalated security events.
- Trend Analysis: Identify trends based on operations escalations, metrics, and develop requirements for automation.
- Cross-Functional Collaboration: Work with cross-functional leaders/teams in Security, IT, desktop support, and the business to ensure firewall and VPN operations and tasks are completed.
10. Information Security Manager Tasks
- Security Team Management: Manage the security team and oversee technical aspects, architecture, deployments, and initiatives.
- Policy Management: Manage and update global security standards and policies.
- Project Management: Project manage security-related requirements, and ensure Data Governance and GDPR compliance.
- Stakeholder Communication: Communicate clearly and concisely to a wide range of stakeholders, address audiences, broker conversations, and form trusting relationships.
- Audit Management: Manage all security audits from stakeholders.
- Vendor Audits: Manage security audit requirements and baselines for vendors.
- Security Metrics: Provide security metrics for the executive team and stakeholders.
- Certification Management: Manage and drive all security-related certifications and framework compliance.
- Best Practices: Manage and maintain security best practices, frameworks, and industry standards.
- Vendor Relations: Build relationships with all security vendors and review product roadmaps.
- Risk Tracking: Consistently track all new risks and vulnerabilities that could impact the company.
- Design Review: Review new business, architecture, and design to ensure best security practices.
- Technology Research: Consistently research and review new security technology platforms and practices to strengthen the company’s global security posture.
11. Information Security Manager Roles
- Incident Response: Maintain and update the Group incident response plan (IRP) in response to emerging threats and evolving cyber incident handling best practices.
- Incident Analysis: Investigate and analyse incidents.
- Internal Communication: Manage internal communications and updates during or immediately after incidents, working closely with stakeholders throughout the incident life cycle.
- External Communication: Communicate with employees, shareholders, customers, and the press about incidents.
- Incident Remediation: Be in charge of remediating incidents.
- Post-Incident Improvements: Recommend technology, policy, governance, and training changes after security incidents.
- Vulnerability Management: Close off identified security vulnerabilities and provide mitigating controls at perimeter defence in the case of an attack.
- Threat Hunting: Work with team members and security vendors in threat hunting, identify cyber-attacks, and maintain continuous improvement efforts in security toolset management.
- Security Operations: Handle other security-related operations and tasks as required by management, including cybersecurity projects.
- Vendor Coordination: Interface with vendors to ensure appropriate tools, configurations, and workflows are in place.
- Team Development: Develop the Information Security professionals in the team.
12. Information Security Manager Additional Details
- Certification Management: Maintain certification to PCI-DSS, ISO 27001, ISO 20000, ISO 22301, and BS10008 standards.
- Audit Management: Conduct internal audits and facilitate external audits and penetration testing to maintain compliance with required standards.
- Risk and Compliance Meetings: Manage, coordinate, and facilitate risk and compliance meetings, audits, and workshops across the organization.
- Customer Assurance: Assure potential and existing customers regarding information security controls.
- Knowledge Base Management: Build and maintain an information security knowledge base and web portal to provide customers with the required assurance.
- Cloud Security: Pivot the organization’s security posture to operate as a public cloud service provider.
- Security Advocacy: Champion information security and compliance within the business to ensure all staff are fully aware of their responsibilities and company standards.
- Security Training: Deliver regular information security training to staff, act as the subject matter expert for ISMS and compliance, and maintain the ISMS framework.
- Regulatory Alignment: Work closely with the legal team to stay abreast of legal and regulatory changes that may impact the business.
- Policy Review: Review and update policies, procedures, and processes related to risk management and compliance with industry standards.
- Governance Management: Manage information security compliance projects and ongoing governance activities.
- Continuous Improvement: Research best practices and regulatory guidance to drive continuous improvement.
13. Information Security Manager Essential Functions
- Information Assurance: Deliver key information assurance initiatives, including an enterprise-wide data classification program.
- Compliance Monitoring: Undertake formal compliance monitoring to ensure breaches are identified, addressed, and remediated.
- Best Practices: Drive security best practices across domains, including access management, cryptography, cloud computing and storage, and data governance.
- Risk Assessment: Conduct formal risk assessments on applications, processes, and prospective solutions.
- Framework Enhancement: Continuously improve and enhance the cybersecurity framework based on leading standards, including CIS Critical Controls, COBIT 5, ISO 27001, CESG, and NIST.
- Compliance Management: Manage key compliance programs, including ISO 27001.
- Security Reporting: Produce quality reporting and management information on the state of information security, information assurance work streams, risk exposure, and threat management.
- Disaster Recovery: Undertake IT disaster recovery planning and design.
- Threat Mitigation: Enhance security posture and mitigate threats.
- Framework Alignment: Apply and align security practices with frameworks such as ISO 27001, APRA, NIST, ISM, and CPS-234.
- Security Practice Management: Own, manage, and coordinate the security practice within the organization.
14. Information Security Manager Role Purpose
- Security Oversight: Oversee information security activities and participate in IT operations, security projects, cybersecurity, and IT hardware and application management.
- Risk Framework: Develop and maintain a technology risk management framework, policies, guidelines, standards, and operating procedures based on applicable best practices.
- Risk Management: Ensure the technology risk management process is in place to identify, measure, monitor, and control all technology-related risks.
- Control Strengthening: Initiate, lead, and coordinate actions to strengthen and monitor information security and cybersecurity controls.
- Project Delivery: Ensure cybersecurity and information security projects are delivered on time and that relevant controls are performed accurately and in accordance with regulatory standards and requirements.
- Audit Collaboration: Collaborate with corporate risk and compliance, internal audit, and technical teams in designing and implementing audit, risk assessment, and regulatory compliance practices.
- Incident Response: Respond to and investigate information security incidents and breaches to reduce or contain potential damage, and communicate with regulators.
- Security Awareness: Promote security awareness for staff at all levels.
- Security by Design: Promote security by design for systems and infrastructure in line with industry standards and best practices.
- Secure Coding: Ensure secure coding practices are applied consistently across the engineering organization.
15. Information Security Manager General Responsibilities
- Team Leadership: Lead a team to work with in-house IT, SOC, and relevant stakeholders to continuously improve the corporate security posture.
- Security Governance: Manage information security governance for enterprise information security through regular reviews of systems to ensure compliance with security policies and regulatory requirements.
- Awareness Training: Create and manage information security and risk management awareness training programs.
- Incident Investigation: Investigate incidents relating to information security, identify threats and impacts to the organization, and plan and prioritize remediation and corrections.
- Incident Reporting: Provide regular reporting and presentations to management on the development of incidents.
- Accreditation Management: Facilitate and collaborate with relevant units to attain and maintain international accreditations such as ISO 27001, ISO 27017, ISO 27018, CREST, and SOC 2.
- Technology Evaluation: Evaluate new and innovative information technology concepts, approaches, methodologies, techniques, services, guidance, and policies that can strengthen the organization’s information security posture.
- Best Practice Recommendations: Make recommendations regarding best practices.
- Strategic Integration: Work with relevant stakeholders to incorporate corporate accreditations and best practices into business strategies.
- Risk Analysis: Analyze cybersecurity risks and propose effective solutions.
- Application Development: Develop applications to automate, integrate, and evolve the security practice.
16. Information Security Manager Key Accountabilities
- Regulatory Compliance: Identify legal entity regulatory requirements about internal applications and assess their impact on each legal entity to ensure compliance.
- Regulatory Framework: Develop a regulatory framework to support outreach requirements specific to locations and legal entities, focusing on cloud migration, access control, and data localisation.
- Global Support: Support and guide application teams globally to identify specific regulatory impacts and address applicable outreach requirements.
- Regulatory Approvals: Drive the effort to obtain regulatory approvals from initiation to completion in an efficient and timely manner, while identifying opportunities to streamline and enhance processes.
- Collaboration: Collaborate with location representatives and internal review teams to ensure continued success in meeting regulatory obligations.
- Stakeholder Liaison: Act as the point of contact for stakeholders across the organization to assist application teams in addressing regulatory outreach requirements related to cloud migration, data localisation, and access controls.
- Governance Management: Maintain governance of the regulatory framework and support the development of strategic solutions to automate regulatory processes within the organization.
- Security Program: Create an information security program that aligns with industry best practices and standards.
- Vulnerability Management: Grow the vulnerability management program by monitoring systems for vulnerabilities and ensuring timely remediation.
- Security Solutions: Work closely with the engineering team to design and implement effective security solutions.
17. Information Security Manager Roles and Details
- Team Leadership: Lead a team of advanced analysts and engineers in the identification, pursuit, and eradication of threats to the network.
- Cybersecurity Strategy: Articulate and blaze the cybersecurity trail, furthering a mature program to detect and prevent network intrusions and system compromises at a globally respected research organization.
- Team Development: Establish priorities and frameworks for the team to hone their threat detection skills, forensics abilities, and recovery responsiveness.
- Threat Analysis: Guide the monitoring, digging, and analyzing strategies of the team while leveraging advanced software and hardware tools.
- Policy Collaboration: Work with a leading cadre of cybersecurity policy researchers to inform the policy agenda.
- Incident Response: Participate in Incident Response activities.
- Security Reporting: Develop audience-aware, crafted summaries of security events, the state of the organization’s security posture, and other notable points of interest.
- Situational Awareness: Assist in the development of periodic or ad-hoc security reports to provide relevant situational awareness for senior stakeholders.
- Security Support: Provide additional support to the Information Security team.
- Control Reporting: Organize reports about security controls, compliance, and incidents.
- Compliance Consulting: Ensure consistent company-wide compliance with policies and procedures by helping in the planning and consulting of solutions together with the ISSO and other teams.
18. Information Security Manager Responsibilities and Key Tasks
- Best Practices: Define and ensure security best practices and standards are followed company-wide.
- ISMS Management: Plan, develop, and maintain a new Information Security Management System (ISMS).
- Policy Creation: Lead and support in the creation of security policies and procedures in the ISMS.
- Documentation Review: Write and assist in the review and approval of security-related documentation.
- ISO Compliance: Work towards and guarantee continued compliance with ISO27001 standards.
- Documentation Dissemination: Contribute to the dissemination of security documentation and practices.
- Customer Support: Support the legal and sales teams in responding to information security requests from prospective customers and information security aspects during contract negotiations.
- Incident and Recovery Planning: Develop incident response and disaster recovery plans for business continuity.
- Risk Management: Support in the management of risk assessments and threat/vulnerability mitigations.
- Threat Protection: Ensure that up-to-date security solutions are always in place against the latest threats.
- Metrics and Reporting: Collaborate with IT and the team towards the creation of a system of metrics and reports for the evaluation of security controls’ efficiency and effectiveness.
- Stakeholder Engagement: Take part in discussions with stakeholders and managers about cybersecurity issues, recommendations, and plans, as well as any auditing support.
- Process Security: Work with IT towards the security and formalization of all company processes.
- Awareness Training: Help in the creation of cybersecurity awareness and training programs.
19. Information Security Manager Duties and Roles
- Information Security Management: Manage the security of information and establish security systems, policies, and procedures to prevent system compromise or infiltration.
- Firewall Standards: Establish appropriate firewall standards and design and implement security policies to control system access.
- Encryption Standards: Recommend and implement standards for appropriate security checkpoints and encryption methods.
- Business Impact Assessment: Assess the impact on the business caused by theft, destruction, alteration, or denial of access to information.
- Policy Development: Develop policies and procedures to ensure the security of all solutions.
- Product Evaluation: Investigate, recommend, and monitor the implementation of new security products and services.
- Customer Liaison: Act as a central point of contact for internal and external customers on security issues.
- Change Control Participation: Participate in product Change Control Boards and work with other JHA departments to ensure the security of products and services.
- Threat Monitoring: Monitor and evaluate internal and external security threats.
- Threat Research: Research security threats and implement appropriate changes to the E-Services Security program to prevent data assets from being compromised.
- Security Reviews: Coordinate security-related reviews and follow up on security findings from these and other third-party reviews.
20. Information Security Manager Roles and Responsibilities
- Policy Implementation: Drive the implementation of TCS and Client security policies and standards in the delivery units.
- ISO Compliance: Ensure compliance with ISO 27001:2013 standards.
- Security Training: Conduct information security training and awareness for all staff, and ensure compliance with the security quiz.
- Risk Assessment: Ensure risk assessment registers are maintained and risk assessments are performed by the delivery units.
- Incident Management: Identify security events/incidents, conduct investigations, gather evidence, report to relevant authorities, and suggest preventive measures and closures.
- ODC Reviews: Conduct ODC reviews of new relationships that get transitioned.
- System and Network Security: Ensure compliance with systems and network security requirements.
- Regulatory Compliance: Ensure compliance with applicable laws and regulatory and statutory requirements, e.g., GLBA, EU regulations, and PCI DSS.
- Security Metrics: Ensure monthly reporting of security metrics is shared with Lead ISM.
- Internal Audits: Perform internal security audits.
- External Audits: Facilitate client and external audits.
- Vendor Audits: Conduct vendor security audits.
21. Information Security Manager Overview
- Business Alignment: Match the role's technical focus with an appreciation of business needs, requiring ongoing attention to professional development and routine engagement with business representatives.
- Audit Inspection: Scope the position to include activities for audit inspection, necessitating visits to the company's waste, water, treatment, and hazardous treatment facilities.
- Security Controls: Identify, place, and configure technical and administrative security controls to ensure the safe, sustainable, and secure operation of the plant and systems.
- Security Architecture: Deliver security capabilities against identified risk and business expectations through defined security architecture, standards, policies, procedures, products, and services.
- OT Security Leadership: Be a trusted leader and domain guide in operational technology security and information governance, including legal and regulatory obligations for information security.
- Incident Response: Contribute to an on-call rota providing an out-of-hours point of contact for observed high-priority incidents.
- Team Management: Plan and manage the team's day-to-day activities and priorities, and oversee their general performance and development.
- Client Engagement: Meet with clients and customers to ensure that the information security and governance standards meet their needs and expectations.
- Performance Review: Engage with business stakeholders to review performance and agree on improvement targets.
- Process Improvement: Engage with all areas of the business to continually improve the processes, policies, and controls.
- Business Continuity: Assist stakeholders on the technical elements of business continuity planning.
22. Information Security Manager Job Description
- Cybersecurity Strategy: Provide an outstanding Cyber Security approach.
- Collaboration: Work collaboratively with internal and external partners to ensure awareness of potential cybersecurity threats and establish necessary systems and processes to mitigate against any threats.
- Strategy Implementation: Lead the implementation of the Cyber Security strategy whilst achieving awareness and consensus across the business.
- Security Roadmap: Support the ongoing development of the security roadmap to achieve cyber maturity goals.
- Reporting Management: Monitor and maintain a reporting suite that ensures all areas of the business are aligned with agreed processes.
- Incident Coordination: Coordinate the response, escalation, and subsequent review of any cyber incidents.
- Policy Management: Implement and continuously review security policies to ensure they are fit for purpose and adhered to.
- Cyber Exercises: Complete cyber security exercises and simulations to ensure business readiness to respond to cyber threats.
- Project Delivery: Run and deliver projects defined in the security roadmap.
- Security Training: Collaborate with the HR team to ensure all colleagues are trained to an appropriate level regarding cyber risks.
- Design Review: Review technical designs and provide views on security compliance as an integrated member of the IT team.
- IT Contribution: Contribute to other IT initiatives when workload permits, and deliver the security brief.
23. Information Security Manager Functions
- Control Execution: Take responsibility for executing the controls and measures as defined in the Information Security Target Model in the region.
- Risk Management: Focus on information, business, and compliance risk management activities relating to Information Security.
- CISO Collaboration: Work closely with the Regional Information Security Officer (CISO) in implementing the mandate for Information Security.
- System Security: Secure critical business processes, applications, and IT systems through regular assessments conducted by internal or external partners, and coordinate resolution with product teams.
- Stakeholder Engagement: Engage external stakeholders in information security-related discussions and activities.
- Vendor Assessment: Assist in vendor assessment from a security perspective.
- SME Consultation: Consult as an SME in the assessment of new applications and projects being introduced to the IT landscape.
- Secure Development: Ensure that new information systems are developed securely by actively consulting and guiding the team at all stages.
- Research and Analysis: Perform research and analysis on software, tools, and technologies relating to security that are used in the region.
- Process Management: Manage information security management processes, standards, and procedures to ensure control effectiveness and compliance.
- Status Communication: Communicate the status of own area of responsibility to the Regional ISO and management team.
- Penetration Testing: Coordinate penetration tests for all customer-facing web applications, including liaising between pen testers and application teams, and compile and secure exemptions.
- Exemption Reviews: Support the Regional ISO in conducting regular reviews of security exemptions active for applications being developed in the region.
- Awareness Activities: Support the Regional ISO in security awareness-related activities.
24. Information Security Manager Accountabilities
- SOC Leadership: Set the strategic direction and tactical execution of the SOC to ensure it is being effectively leveraged across multiple business units worldwide.
- Runbook Management: Enhance and maintain operational runbooks for both technical service management and operations to ensure optimal escalation and execution.
- Log Management: Act as Subject Matter Expert in global enterprise log management, providing expertise in maintaining and executing company standards.
- Third-Party Management: Manage third-party relationships with platform providers and MSSPs that security services rely on, including independently working with providers to establish processes and tools that consistently meet organizational needs.
- Financial Oversight: Track financial obligations and spending between the organization and external partners who provide the tools and platforms needed for these services.
- Service Administration: Oversee day-to-day operation and administration of owned services, including operational activities or managing contractual support to ensure adequate service delivery.
- Metrics and Reporting: Provide reporting data and metrics to leadership to highlight service usage, areas of improvement, Key Risk Indicators to be mitigated, and Key Performance Indicators monitoring the progress of risk reduction.
- Process Improvement: Collaborate with other Subject Matter Experts within the Security Services team to deliver a unified security service experience while leveraging expertise to improve existing processes.
- Stakeholder Engagement: Engage frequently with representatives to ensure services meet expectations and requirements as defined by organizational policy, standards, procedures, and guidelines.
- Vulnerability Oversight: Provide threat and vulnerability management oversight and clearly communicate observations to leaders and subject matter experts, properly relaying risk factors.
25. Information Security Manager Job Summary
- Risk Management: Manage security and compliance risks in service delivery for key verticals and communicate with Business teams to understand all critical security requirements and risk scenarios.
- IRM Program: Engage in the IRM program for the key accounts, including defining a control framework, identifying and evaluating risks, understanding the business context, and preparing reports and recommendations.
- Incident Coordination: Coordinate with the Incident Management team during incidents and support the investigation of security breaches.
- Risk Assessments: Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members.
- Audit Management: Manage External ISO 27001 audit and coordination with auditors, including planning out the audit schedule and charter for corporate functions, and coordinating with all internal stakeholders towards preparation.
- Compliance Assurance: Assess, prepare, and ensure all IT systems, policies, and procedures fully comply with Cognizant ISO 27001 SoA, security laws, rules, and regulations.
- Stakeholder Engagement: Engage with different stakeholders, including external auditors, customer visitors, business leaders, and corporate teams, such as HR, legal, IT, etc.
- Control Reviews: Conduct reviews to assess the service delivery control environment and evaluate adherence to client-identified contractual requirements, Cognizant policies, and standards.
- PCI-DSS Compliance: Accountable for PCI-DSS-related activities, including the identification of compliance gaps, the development of remediation plans, scanning, PCI certification, documentation, monitoring compliance status, and ultimate attestation of compliance.
- Business Support: Support the business team during deal pursuit.
26. Information Security Manager Responsibilities
- Security Integration: Manage the full life cycle of day-to-day security integration activities, including coordination of detailed functional plans, communication with key stakeholders, and issue resolution.
- Dependency Management: Create awareness of cross-functional inter-dependencies and establish prioritization for plan execution to minimize disruption to daily operations.
- Due Diligence: Enforce and improve existing due diligence and security integration methods with inputs from the core corporate security and compliance team to comprehensively assess the target organization's technical environment, security posture, and capabilities, and identify internal and third-party risks.
- Continuous Improvement: Capture best practices and lessons learned throughout the due diligence period for continuous improvement for future acquisitions.
- Security Assessments: Participate in internal and external security and privacy assessments, collect data inventory, and evaluate systems for security monitoring to track the effectiveness of security controls as part of the overall organizational security posture.
- Integration Planning: Prepare a draft of the integration strategy plans to minimize the risk of security gaps in M&A projects.
- Compliance Activities: Perform security compliance activities, including conducting annual and project risk and control assessments and third-party assessments, and managing remediation activities.
- Control Design: Design, document, and update the necessary controls required to comply with international standards and local regulations.
- Control Evaluation: Evaluate technical and organizational controls to ensure effectiveness and compliance, including managing the control remediation efforts.
- Risk Balancing: Weigh business needs against security concerns and recommend necessary changes to enhance information systems security.
27. Information Security Manager Details
- Team Leadership: Lead, develop, and manage the centralised team of security analysts across the ecosystem spanning multiple regions.
- Incident Response: Direct security event monitoring, manage incident response, and oversee cyber intelligence to identify potential threats, delivering strategic reports and strategies to minimise impact and support the risk management process.
- Threat Management: Manage threat detection, perform threat modelling, identify threat vectors, and develop use cases for security monitoring while contributing to risk management processes.
- Compliance Oversight: Ensure compliance with policy, process, and procedure, and maintain documentation for audits.
- Process Improvement: Revise and develop SLAs and processes to strengthen the current Security Operations Framework, review policies, and highlight challenges.
- SOC Management: Oversee the use of resources and initiate corrective actions for the Security Operations Center.
- Device Administration: Manage daily administration and maintenance of security devices to achieve operational effectiveness.
- Reporting and Metrics: Create reports, dashboards, and metrics for SOC operations and present them to Senior Management.
- Security Awareness: Maintain and deliver information security awareness and training to the entire business.
- Vulnerability Testing: Ensure all vulnerability testing is carried out and reported promptly, and review the completion of any corrective measures required.
- Business Communication: Communicate with the wider business in non-technical language regarding events, risks, and processes, and liaise with external security partners.
28. Information Security Manager Duties
- Security Solutions: Develop and deliver holistic solutions that protect enterprise systems, applications, and data from unauthorized access, use, disclosure, modification, or disruption.
- Security Roadmaps: Develop and maintain technology and operations roadmaps for security infrastructure components, including intrusion prevention/detection, data security, identity and access management, IT/network security, and security event management.
- Collaboration: Collaborate with IT leadership, project managers, and other technical leads to resource projects and manage communication across all teams involved.
- Incident Response: Serve as the focal point for security incident response planning, execution, and awareness.
- On-Call Support: Respond to security incidents, assist with troubleshooting, and provide on-call support.
- Gap Analysis: Assist with the identification and evaluation of cybersecurity gaps, and help translate them into functional specifications.
- Vulnerability Management: Partner with the Infrastructure Engineering Team on vulnerability assessments, analyze vulnerabilities, determine severity, and recommend paths for eliminating or mitigating medium, high, or critical security gaps.
- Control Integration: Work with Service Desk, Infrastructure, Application, and other technical leads to ensure proper security controls are integrated in the environment and risks are reduced to acceptable levels.
- Threat Research: Maintain a current understanding of the security threat landscape, and research and review new and emerging technologies and trends.
- Operations Management: Manage day-to-day security operations activities, and mentor and coach other Security Engineers.
- CISO Support: Perform other functions as assigned by the CISO.
29. Information Security Manager Details and Accountabilities
- Security Strategy: Lead continuous development and execution of the information security strategy and roadmap that addresses identified risks and business security requirements.
- Standards and Procedures: Develop and implement security standards, processes, and procedures.
- Security Metrics: Monitor and report security performance against established security metrics.
- Threat and Vulnerability Management: Lead the day-to-day activities of threat intelligence and vulnerability management, identify risk tolerances, and recommend remediation plans.
- Incident Management: Manage and coordinate operational components of incident management, including detection, response, and reporting.
- Awareness and Training: Provide security communication, awareness, and training.
- Compliance Support: Provide support and guidance for legal and compliance efforts, including audit support.
- Knowledge Management: Maintain a knowledge base of technical references, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Log Review: Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Security Testing: Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
- Technology Evaluation: Research, evaluate, design, test, recommend, and plan the implementation of new or updated information security hardware or software, analyze its impact on the existing environment, and provide technical and managerial expertise for the administration of security tools.
30. Information Security Manager Tasks
- Program Execution: Drive the execution of the regional Information Security program through defined work approaches.
- Subject Matter Expertise: Develop deep program policy, process, and tool subject matter expertise.
- Global Collaboration: Collaborate closely with global program teams.
- Team Support: Support team members through training, governance, and hands-on execution of the program in their countries.
- Program Goals: Determine clear annual program goals and objectives.
- Program Reporting: Provide regular program updates to the Head of Information Security in the region.
- Project Compliance: Support local teams by ensuring Technology and Business Projects comply with IT Security Policies, Standards, and the approved technology stack.
- Cloud Security: Partner with architecture, engineering, application, security, and operational staff to identify and drive resolution of Cloud security projects and issues.
- Application Security: Coordinate the Application Security review program in the region.
- Security Reviews: Conduct security reviews and provide recommendations for on-premise applications as well as IaaS, PaaS, and SaaS Cloud environments.
- Remediation Support: Monitor and support remediation of issues arising from misconfigurations due to improper coding practices.
- Technology Awareness: Keep up to date with new technologies and Cloud Platforms, and understand how security controls are implemented in the Cloud.
- Architecture Evaluation: Evaluate new application architecture designs, Network Security, and Encryption protocols, and make recommendations.
31. Information Security Manager Roles
- Operational Security: Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
- Contract Review: Review security contracts and work with the legal team for contract execution.
- Audit Management: Lead and own the entire customer audit cycle from risk identification to remediation.
- RFP Response: Respond to security RFPs and assessments.
- Security Presentations: Deliver security presentations to customers and upper management.
- System Security Operations: Lead the management of security aspects of the information system and perform day-to-day security operations of the system.
- Solution Evaluation: Evaluate security solutions to ensure they meet security requirements for processing classified information.
- Risk Assessment: Perform risk assessment, customer on-site audits, and analysis to support certification and accreditation.
- Change Management: Manage changes to the system and assess the security impact of those changes.
- Security Documentation: Prepare and review documentation, including System Security Plans, Risk Assessment Reports, Certification, and Accreditation packages.
- Project Prioritization: Work with the Security team and others in technology management to document priorities and structure project team activities to align with those priorities.
- Project Management: Manage project execution life cycle, including project charter, scope, planning, requirements, design development, implementation, change control, risk management, and reporting.
- Stakeholder Communication: Maintain timely and proactive communication with management and other stakeholders, and prepare and present status reports, deliverables, and presentations.
32. Information Security Manager Additional Details
- Compliance Management: Manage tasks in IS Compliance, Privacy, and support for SOX compliance testing.
- Team Leadership: Act as a lead to guide other team members and work independently, applying hands-on experience in performing risk-based IS and IT controls assessments.
- Framework Application: Apply knowledge of relevant frameworks, including NIST Cyber Security Framework, NIST 800-171, CMMC, and NIST 800-53, to administer an effective compliance program.
- Risk Assessment: Assist in the annual IT Risk Assessment, including identification of all systems supporting key financial processes, assessment of controls (general and application) for key financial systems, and assessment or development of test procedures, including evaluation of control testers.
- Control Matrix Management: Maintain the IT Risk Control Matrix to document all key financial systems, controls, and testing procedures.
- SOX Documentation: Ensure proper documentation for SOX ITGC, including IT Risk Control Matrix, ITGC Process Narratives, ITGC testing, issue evaluation, and reporting.
- Process Automation: Identify opportunities and support automation of processes and ITGC controls to improve efficiency.
- SOX Testing: Support coordination, testing, and evaluation of IT systems and controls for SOX compliance in a predominantly SAP environment.
- Training and Documentation: Contribute to ITGC training and documentation efforts.
- Deficiency Remediation: Work collaboratively with IT teams and business units to remediate control deficiencies.
- Third-Party Evaluation: Evaluate third-party SSAE 16 (SOC 1) reports for compliance with system control requirements.
- Control Improvement: Make recommendations for enhancing IT system controls and process improvements.
- Project Participation: Participate in projects to implement IT risk, control, or compliance requirements for new systems.
- Communication: Provide timely and comprehensive communications within IT, Internal Audit, and Compliance teams, including identification of ITGC issues and exceptions.
33. Information Security Manager Essential Functions
- Compliance Program: Build the company-wide information security compliance program, ensuring all business operations, activities, processes, and procedures meet defined risk and security requirements, policies, and regulations.
- Change Management: Develop and oversee the technology change management process.
- Policy Development: Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Audit Management: Build and execute a strategy for dealing with increasing numbers of audits, compliance checks, and external assessment processes for internal/external auditors, PCI, SOX, NIST, and CIS.
- Risk Management: Work with business partner organizations to manage risk and effectuate information security policies.
- Security Reviews: Execute vendor, infrastructure, M&A, and other security reviews.
- Access Reviews: Execute periodic user access reviews on critical systems and data.
- Awareness Training: Own the security awareness training platform and program across the Group.
- Incident Escalation: Serve as an escalation point for security alerts triaged by the Security Operations Center.
- Vulnerability Management: Drive identification and reporting of vulnerabilities and associated remediation.
- Incident Response: Participate in security root cause analysis and forensics as part of the enterprise's Cyber Incident Response Plan.
- Policy Implementation: Participate in programs and initiatives supporting the further implementation of the company's Information Security Policies and Standards.
- Security Metrics: Collect and present key Information Security Metrics.
34. Information Security Manager Role Purpose
- ISMS Management: Oversee the Information Security Management System (ISMS), including managing Risk and Asset management processes, Corrective Action Plans, and reporting overall ISMS performance against agreed metrics to senior management.
- Privacy Management: Manage the privacy management process by guiding Data Processing Agreements with third parties, Data Privacy Policy updates, and data retention policies.
- Security Strategy Support: Assist in delivering the organization’s Information Security strategy.
- Threat Modeling: Develop and review threat models and manage business changes to counter exploitation.
- Awareness Training: Deliver and augment the existing security awareness training programme for internal staff and support the ongoing Security and Privacy education needs of the business.
- Compliance Management: Take ownership of ongoing compliance programmes, including GDPR, PCI/DSS, and internal security controls.
- Incident Management: Act as a member of the incident management group, measure the effectiveness of the incident management process, and adapt policies and procedures accordingly.
- DSAR Support: Assist with process improvement, data capture, and output review during the company's responses to Data Subject Access Requests.
- Policy Development: Develop and maintain security policies and procedures to address an evolving threat landscape.
- Monitoring and Auditing: Support continuous monitoring and auditing of corporate and production systems for vulnerabilities and non-conformities.
- Asset Management: Manage the Company's Asset Register by working with stakeholders across the business to ensure new assets are captured and periodic reviews are conducted.
- Third-Party Audits: Assist in third-party audits of the supplier and partnership ecosystem.
- SME Guidance: Act as a subject matter expert to guide and consult stakeholders, ensuring continuous security maturity and improvement of the security posture.
35. Information Security Manager General Responsibilities
- Privacy Compliance: Monitor the organization’s compliance with the Data Privacy Act, issuances, and guidelines by the National Privacy Commission.
- Privacy Liaison: Serve as the contact person for government entities and private individuals on all matters concerning data privacy and security issues or concerns.
- Privacy Advisory: Inform, advise, and issue recommendations to management regarding data processing activities.
- Third-Party Compliance: Check compliance of third-party service providers that use the organization’s and customers’ data, as well as adherence to Data Sharing Agreements and other contractual obligations.
- Privacy Impact Assessment: Conduct Privacy Impact Assessments for the organization’s internal systems, products, and services.
- Data Subject Support: Handle questions and complaints from data subjects regarding their information held by the organization.
- Incident Management: Prepare and create an incident management system and submit relevant documents to the NPC in the event of a suspected or actual data breach.
- Security Strategy: Set enterprise-wide vision, strategy, and roadmap for information security.
- Policy Development: Develop information security policies, standards, and guidelines in line with recognized international standards such as ISO27001 and PCI.
- Security Infrastructure: Establish and operate the information security infrastructure and toolset.
- Vulnerability Management: Drive regular identification and remediation of vulnerabilities.
- Asset Protection: Identify critical assets and ensure tiered risk-based protection across the footprint.
- Process Compliance: Ensure security processes, including those of external service providers, comply with corporate social responsibility, environmental and technical policies, and applicable standards and legislation.
- Security Reporting: Implement and manage information and cybersecurity management status reporting, metrics, and benchmarks.
- Vendor Management: Strategically develop and manage relationships with major vendors and service providers to ensure they cost-effectively meet the needs of the organization.
36. Information Security Manager Key Accountabilities
- Gap Analysis: Collaborate with departments and business managers to identify security gaps and needs.
- Threat Intelligence: Gather security intelligence and coordinate the deployment of preventative measures.
- Technology Awareness: Keep abreast of new technologies and advancements in security services.
- Solution Research: Research and recommend new security solutions.
- Vulnerability Management: Stay aware of threats and vulnerabilities in the industry and assist in the remediation of issues.
- Risk Management: Balance business and security while prioritizing and remediating risks.
- SOC Implementation: Assist in implementing and managing the Security Operation Center (SOC) together with IT System Operations.
- Security Strategy: Plan and develop the security strategy for the businesses in collaboration with IT Technical Operations.
- Policy Management: Oversee, create, implement, and communicate security policies and procedures.
- Security Architecture: Manage security architecture and the security analyst team.
37. Information Security Manager Roles and Details
- Action Plans: Build, implement, support, and enhance action plans within the area of information security.
- Workflow Management: Take charge of the InfoSec workflow and controls, identify gaps, and improve the effectiveness of operations and projects within the region.
- Budget Management: Assist in managing the security operations budget and monitoring expenses.
- Security KPIs: Develop security KPIs and work to ensure teams are achieving their own KPIs.
- Performance Tracking: Measure and track the department's success regularly.
- Personnel Management: Supervise the recruiting and training of security personnel.
- Task Allocation: Develop work schedules, allocate tasks, and monitor personnel performance.
- Emergency Response: Coordinate responses to emergencies and alarms, and compile incident reports.
- Equipment Maintenance: Prepare surveillance equipment maintenance schedules and facilitate timely repairs.
- Policy Compliance: Ensure compliance with company policies and security industry regulations.
38. Information Security Manager Responsibilities and Key Tasks
- Risk Management: Work with the Director of Security Operations to ensure the security program addresses identified risks and business requirements.
- Threat Assessment: Manage the process of gathering, analyzing, and assessing the current and future threat landscape.
- Risk Reporting: Provide the Director of Security Operations with a realistic overview of risks and threats in the enterprise environment.
- Strategy Implementation: Provide leadership to the team in the implementation of the Information Security strategy.
- Process Improvement: Identify process improvement opportunities and develop plans of action to resolve gaps with minimal management intervention.
- Budget Planning: Work with the Director of Security Operations to develop budget projections based on short and long-term goals and objectives.
- Policy Compliance: Monitor and report on compliance with security policies and standards, and enforce policies within the IT department.
- Policy Development: Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Team Management: Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development for team members.
- Audit Support: Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors and regulatory bodies.
39. Information Security Manager Duties and Roles
- Security Awareness: Provide security communication, awareness, and training for audiences ranging from senior leaders to field staff.
- Vendor Liaison: Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service level agreements.
- Incident Management: Manage production issues and incidents, and participate in problem and change management forums.
- Operational Response: Manage and coordinate operational components of incident management, including detection, response, and reporting.
- Vulnerability Management: Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
- Project Management: Manage security projects and provide expert guidance on security matters for other IT projects.
- Log Review: Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
- Security Testing: Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
- Data Protection: Perform the role of Data Protection Officer to ensure data within the organization is in line with local data protection guidelines and communicate with relevant stakeholders on managing data-related queries.
- Policy Alignment: Ensure information security policies are reviewed and aligned with updated regulatory guidelines and policies.
40. Information and Data Security Manager Roles and Responsibilities
- Security Strategy: Lead the development and execution of the information and data security strategy.
- System Protection: Ensure IT systems and data are secure by design and protected from cyberattacks and data loss.
- Incident Preparedness: Ensure processes and procedures are in place to guide organizational actions in the event of an attack or data loss.
- Security Awareness: Drive organizational awareness about information and data security.
- Training Implementation: Implement information and data security awareness training in collaboration with Privacy and IT management.
- Audit Support: Contribute to information and data security audit initiatives and work with business teams and stakeholders to remediate gaps and vulnerabilities.
- Policy Management: Review, update, and implement information and data security policies and procedures, including technical security standards.
- Security Oversight: Provide input and guidance on security oversight for IT systems design and implementation to ensure appropriate and effective security controls are included.
- Control Implementation: Assess, recommend, and coordinate the implementation of technical controls, hardware, and software to support and enforce defined security policies.
- Risk Mitigation: Inform the Information and Data Security Management Framework by identifying and mitigating risks.
41. Information and Data Security Manager Overview
- Program Implementation: Contribute to the implementation of the Information and Data Security Program and roadmap, leading related initiatives and projects in partnership with IT and business teams.
- Metrics and KPIs: Develop metrics and scorecards that measure operational and program KPIs.
- Third-Party Management: Work closely with outsourced and third-party security service providers to ensure alignment with policies and procedures.
- Security Guidance: Provide expert guidance to the organization regarding all information and data security matters.
- Incident Escalation: Serve as the escalation point of contact for all information and data security incidents and threats.
- Vulnerability Management: Manage day-to-day activities of threat and vulnerability management, identify risks and tolerances, recommend treatment plans, and communicate information about residual risk.
- Data Classification: Work with stakeholders to identify information asset owners and classify data and systems as part of a control framework implementation.
- Executive Reporting: Prepare management reports and provide updates to executives.
- Legislation Awareness: Maintain up-to-date knowledge of current information security legislation and best practice guidelines.
- Client Support: Support client activities where information security is required, including assisting with RFP responses, client questionnaires, and client audit requirements, while developing mechanisms to make such work efficient and consistent.
42. Information Security Manager Job Description
- Risk Assessment: Assess risks to IT systems’ availability, integrity, and confidentiality to ensure security and service continuity.
- Information Assurance: Guide information assurance strategies to manage identified risks.
- Compliance Assessments: Perform or participate in security risk assessments, business impact analyses, and application accreditation assessments to maintain compliance of information systems and support the achievement of business goals.
- Best Practices: Identify industry best practices, standards, methods, tools, and applications to optimize UPS’s business risk management.
- Audit Analysis: Analyze security audit findings and recommend changes to improve the adequacy and effectiveness of security policies, best practices, procedures, and the security control environment.
- Customer Requirements: Evaluate customer security requirements to ensure they can be met and identify the need for additional security controls and safeguards.
- Mentorship: Mentor colleagues and guide teams to resolve security and business issues.
- Team Leadership: Establish team objectives, delegate responsibilities, and oversee others’ work to allocate resources and ensure work completion.
- Training: Provide training for team members to increase awareness and knowledge of emerging technologies and applications.
- Process Improvement: Communicate identified areas for process improvements and solutions to inform and advise colleagues.
- Solution Development: Develop and present technical and business solutions to facilitate process improvements.
43. Information Security Manager Functions
- Project Management: Manage Information Security project life cycles to see projects from beginning to end.
- Project Planning: Create, prepare, and maintain project plans to estimate resources, plan schedules, define goals, establish metrics, assess risks, develop cost plans, and provide stakeholder reports.
- Status Reporting: Provide status communications for senior management on issues, concerns, and risks, recommend solutions, and ensure products meet customers' needs.
- Resource Monitoring: Monitor assigned resources to continuously manage team productivity, project timelines, and deliverables.
- Multi-Project Management: Balance multiple projects and deployment schedules to meet stakeholder goals and expectations.
- Change Control: Manage the change control procedure to ensure project deliverables are formally reviewed, completed within the planned cost and timeframe, and closed.
- Team Development: Manage and develop highly effective teams.
- Process Administration: Manage resources and people processes to ensure the day-to-day administration of processes and formal procedures.
- Career Development: Ensure that direct and indirect reports have documented career goals and detailed plans for achieving these goals to develop themselves personally and professionally.
- Performance Evaluation: Conduct frequent performance evaluations and hold others accountable to established performance levels to achieve individual and group goals.
- Coaching and Feedback: Coach others and provide ongoing feedback and support to improve performance.
- Compensation Management: Make salary recommendations to reward employee performance.
44. Information Security Manager Accountabilities
- Security Administration: Perform security administration for various systems.
- Standards and Procedures: Develop and enforce related standards and procedures.
- Intrusion Management: Manage intrusion detection and prevention systems.
- Firewall Management: Monitor firewall change management for Internet systems.
- Automation Development: Develop and maintain programs and automation procedures for security administration.
- Security Consultancy: Assist in providing security consultancy.
- Risk Assessment: Assist in security evaluation and technology risk assessment for new products and services.
- CIA Assurance: Ensure the confidentiality, integrity, and availability of systems, networks, and information.
- Policy Management: Develop, implement, and maintain policies and procedures of the enterprise information security program.
- Program Operations: Oversee the daily operations of the enterprise information security program.
45. Information Security Manager Job Summary
- IAM Development: Continually scale and improve IAM as a capability.
- IAM Management: Effectively manage IAM people, processes, and technology.
- Process Maturity: Build secure and mature processes.
- Roadmaps and KPIs: Create and manage roadmaps and KPIs to monitor progress and performance.
- IAM Strategy: Evolve strategy and solutions for IAM.
- Enterprise IAM: Govern, manage, and operate enterprise-grade IAM processes, solutions, custom engineering and automation, people, and strategic planning.
- Service Desk Operations: Operate, monitor, and improve an internal customer-focused Service Desk with an SLA and process-driven mindset.
- Risk and Governance: Manage the annual and ongoing risk assessment process and cybersecurity governance.
- Audit Compliance: Monitor and achieve compliance with programs, internal audits, and external audits.
- Incident Response: Practice and execute the incident response plan.
- Team Building: Build and strengthen the cybersecurity team.
46. Information Security Manager Responsibilities
- Policy and Risk Management: Define and manage the company’s information security policies and risk management program.
- Compliance Oversight: Oversee and lead security compliance efforts (SOC 2, ISO, PCI, etc.).
- Security Audits: Lead regular audits of the security program to inform risk management and strategic decisions.
- Security Advisory: Serve as an internal information security advisor and subject matter expert to the organization on various security initiatives.
- Client Support: Serve as subject matter expert supporting client security RFIs and questionnaires.
- Breach Response: Advise the local market on remedial actions following security breaches as a recognized specialist in corporate security.
- Stakeholder Counsel: Understand corporate security and deliver clear advice and counsel to stakeholders across the business.
- Risk Assessments: Ensure appropriate risk assessments and security plans are maintained and delivered.
- Security Reporting: Report on security status to the General Security Manager, continuously improving security plans and ensuring they are adhered to.
- Policy Compliance: Maintain policy frameworks, with direct responsibility for ensuring compliance with them.
- Market Guidance: Provide expert support and guidance to the local market.
- Staff Mentorship: Offer informal guidance to junior staff.
47. Information Security Manager Details
- Policy Management: Take the initiative to plan and maintain information security policies and rules that prevent confidential information leakage in cooperation with the global information security team.
- Security Management: Conduct information security management based on policies, rules, and applicable laws.
- Cross-Functional Collaboration: Work closely with IT, business auditing, and other teams that own confidential data to achieve global and regional information security direction.
- Employee Training: Provide training for employees, explaining security risks and corporate rules.
- Vendor Assessments: Conduct information security assessments with external vendors in alignment with applicable cybersecurity protection regulations.
- Issue Remediation: Track and coordinate responses to emerging security issues and ensure remediation.
- Security Communications: Plan and manage all information security communications and reporting while acting as the primary advisor to the Chief Information Security Officer (CISO).
- Team Coordination: Coordinate the day-to-day operations of the Corporate Security Team.
- Incident Response Leadership: Lead as the SIRT leader in the event of a Computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT) engagement.
- Team Development: Promote individual learning and self-directed development of team members.
48. Information Security Manager Duties
- Team Leadership: Lead the security team on roadmap execution, prioritization, daily operations, and ongoing management of corporate and site security.
- Talent Management: Recruit, manage, and develop a high-performance, distributed team of security engineers, mentor junior engineers, and build a diverse talent pool.
- System Security: Drive the ongoing security of corporate systems, site infrastructure, CI/CD tool chain, and software.
- Best Practices: Work with the Product Development organization to drive security best practices and continuous improvement.
- Workflow Management: Move the InfoSec team towards a SCRUM workflow model for projects, drive cross-team implementations, and communicate progress and results.
- Audit Management: Handle information security reviews and audits, both internal and of third parties.
- Information Assurance: Serve as the go-to person for all information assurance and security matters.
- Secure Architecture: Ensure architecture teams include security within designs.
- Compliance Oversight: Ensure the organization complies with industry standards and best practices.
- Process Improvement: Perform process re-engineering and efficiency improvements for the team.
49. Information Security Manager Overview
- Process Development: Analyze technologies and establish highly effective processes and protocols to ensure comprehensive protection exists to prevent unauthorized entry into company networks and systems.
- Automation and Orchestration: Support automation and orchestration to maximize team talent and reduce routine tasks.
- Validation Testing: Conduct independent verification and validation testing of company networks and sensitive programs through internal team resources and independent consultant engagements.
- Enterprise Security: Lead the security function to implement secure enterprise systems and identify issues that could compromise data integrity or security.
- Regulatory Compliance: Develop IT security programs and recommend necessary changes to the information security team to ensure company systems are fully compliant with applicable regulatory requirements and privacy laws.
- Cybersecurity Architecture: Develop cybersecurity architecture, designs, controls, processes, standards, and strategies to ensure alignment with Information Security standards, emerging threats, and overall Information Security strategy.
- Incident Response: Develop and implement incident response protocols for ongoing threats and attacks.
- Threat Communication: Communicate the status of the current threat environment, incidents, and projected threats to senior management and executives.
- System Evaluation: Manage the evaluation and testing of hardware, firmware, and software for possible impact on system security.
- Project Integration: Coordinate with other managers to integrate Information Security project components with other projects, including application development, network, server, and mainframe.
50. Information Security Manager Functions
- Cyber Delivery Leadership: Provide leadership and oversight to the cyber delivery team and ensure alignment with customer requirements.
- Program Management: Plan, lead, and coordinate activities of service delivery through all phases of a program from inception through completion.
- Contract Management: Manage contract deliverables for multiple accounts in various market segments while influencing customer satisfaction, program profitability, and revenue growth.
- Business Development: Partner with leadership and team members to manage the business relationship with external customers while seeking out new opportunities for business growth.
- Proposal Review: Support leadership and team in reviewing proposals to determine success criteria, goals, time frames, budget limitations, and procedures for accomplishing tasks, staffing requirements, and resource allocation within program objectives.
- Program Monitoring: Continually monitor program status, success, and outcomes, and communicate regularly with applicable stakeholders.
- Policy Enforcement: Review and enforce information security policy, standards, and guidelines for IT business applications and infrastructure projects.
- Risk Identification: Identify IT security risks in IT business applications and infrastructure projects.
- Security Assessments: Conduct security assessments for business applications, infrastructure projects, and third-party service providers.
- Security Projects: Undertake new security projects to improve security controls, efficiency, and ease of use.
Relevant Information