Information Security Manager (Contract position)

Pearson Lanka (Pvt) Ltd

https://www.dreamjobs.lk/jobs/information-security-manager-contract-position

Information Security Manager <div dir="ltr"> <table> <tbody> <tr> <td> ESSENTIAL DUTIES AND RESPONSIBILITIES <ul> <li dir="ltr"> Responsible for all Information Security activities within Growth markets (South Africa, Brazil, India, China, LATAM and Middle East) </li> <li dir="ltr"> Accountable for Growth Region Security Governance, including driving geographic security forums, risk management, incident management and post incident reviews, and security improvement projects </li> <li dir="ltr"> Review all business and technology projects and ensure CISO requirements are implemented, serve as a subject matter expert and consultant to various project teams </li> <li dir="ltr"> Drive all Security Risk Assessment remediation work related to Infrastructure, Applications and Business Processes </li> <li dir="ltr"> Work with business stakeholders to ensure that Information Security policies and standards are integrated with business processes in the Geography, for example S-SDLC process </li> <li dir="ltr"> Review infrastructure & application security results from various static and dynamic security testing tools such as Qualys, IBM AppScan, Burp Suite and Checkmarx and interpret findings to various teams </li> <li dir="ltr"> Provide recommendations to development teams in resolving application security issues </li> <li dir="ltr"> Manage and coordinate all application security remediation work </li> <li dir="ltr"> Perform other vulnerability identification including system level reviews, vulnerability scans, and penetration tests on infrastructure and applications as required. </li> <li dir="ltr"> Provide security training and awareness sessions to developers, system administrators, and business-focused personnel </li> <li dir="ltr"> Work with cross-functional teams to drive the closure of identified vulnerabilities and security risks </li> <li dir="ltr"> Remain up to date on current information security risks, concepts, and approaches. </li> <li dir="ltr"> Work with application development teams to ensure OWASP ASVS (Application Security Verification Standard) requirements are implemented </li> <li dir="ltr"> Ability to create reports and perform risk assessments using industry standard control frameworks such as ISO 27001 </li> </ul> </td> </tr> </tbody> </table> </div> EDUCATION and/or EXPERIENCE <ul> <li dir="ltr"> Possession of Bachelor’s Degree in an IT-related discipline is required. </li> <li dir="ltr"> At least 8+ years of Information Security experience </li> <li dir="ltr"> Extensive experience in the information security field, designing and implementing enterprise security solutions in a global context. </li> <li dir="ltr"> Deep and Broad understanding related to technical security encompassing endpoint technologies, applications, application hosting, physical and virtual data centre hosting </li> <li dir="ltr"> Excellent verbal and written communication skills with a wide range of audiences including technologists,executives, business stakeholders and IT team members. </li> <li dir="ltr"> Experience in leading matrix global teams. </li> <li dir="ltr"> Certifications such as CISSP, CISM, CRISC, CGEIT and CISA are an added advantage </li> <li dir="ltr"> Strong problem-solving skills. </li> <li dir="ltr"> Understanding of common web vulnerabilities, including OWASP Top 10, Application Security Verification Standard (ASVS) is required </li> <li dir="ltr"> Familiarity with common security tools, including vulnerability scanners, Security Incident and Event Management, Intrusion Detection/Prevention Systems, Web Application Firewall, and web application assessment enabling tools. </li> <li dir="ltr">Ability to understand and communicate business impact of information security risks.</li> </ul> Please click the link to apply - http://pearsonlankavacancies.peopleshr.com