Careers

ISO Security Manager

View all Jobs

Minsk, Belarus

Solutions

Specialists in industry disruption, eWave is an independent digital transformation agency with commerce at its core. Using service design thinking, we have an unwavering commitment to delivering experience-driven digital reinvention that inspires deeper relationships between brands and their customers.

Partnering with brands such as Nike, Canon, Coca-Cola Amatil, and Nestle, we work on some of the most exciting and innovative digital projects in the APAC market.

We are headquartered in Sydney, Australia, our team is our strongest asset, and together, we’re reimagining consumer needs using methods that bring our clients closer to their customers than ever before. We’re thinkers, we’re creatives, we’re technologists, and we’re looking for people to join us on our journey.

THE ROLE

The Security Manager is responsible for assessing and documenting the organization’s compliance and risk posture as they relate to its information assets. The Security Manager will maintain expertise in cyber-security intelligence, to ensure effective system-wide security analysis, intrusion detection, standards and testing, risk assessment, awareness and education and development of policies, standards and guidelines.

The Responsibilities

  • Assist in the development and implementation of system-wide risk management functions of the information security program to ensure information security risks are identified and monitored.
  • Internally assess, evaluate and make recommendations to management regarding the adequacy of security controls for the information and technology systems.
  • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives.
  • Support the system-wide information security compliance program, ensuring IT activities, processes and procedures meet and support the defined policies, procedures and processes.
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legal and regulatory interpretation.
  • Implement strategies and project plans for dealing with audits, compliance checks, external assessment processes for internal and external auditors related to information security programs.
  • Provide guidance, evaluation and input on responses to audits impacting information security programs.
  • Conduct Information Security due diligence on 3rd party vendors to ensure adherence to organizational, regulatory or legal standards.
  • Develop routine reports in accordance with GRC metrics
  • Work with the CISO (to be a CISO) to determine the acceptable level of risk for enterprise computing platforms.
  • Liaise with key functional teams such as HR, IT, Marketing, Finance, Product Management, Development, General Counsel, and the Business to identify new applications and service providers in use and the associated security controls to secure the data.
  • Investigates incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises etc.
  • Assist in the management and maintenance of the enterprise wide IS Security Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops and newsletters.
  • Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements.
  • Ensure compliance with HIPAA and applicable legal and regulatory requirements.
  • Other security-related projects that may be assigned according to skills and organizational priorities.

THE CANDIDATE

  • You have at least 5 years experience in building an Information Security Risk Management program.
  • Bachelor’s Degree, in Computer Engineering, Computer Science, or Information Systems Management preferred or equivalent work experience in the field of Cybersecurity.
  • Information Security experience in IT, healthcare, banking or government programs.
  • Information security related training or certifications.
  • Understanding and familiarity with information and cyber-security frameworks (ISO, NIST, HiTrust, COBIT, etc)
  • Experience in ISO27001 certification.
  • Experience implementing an Information Security Risk Management Program, including an IS risk register which includes identifying threats and risks to the organization.
  • Experience performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment.
  • Experience responding to, analyzing, and communicating information security incidents.
  • Strong documentation and communications skills.

THE BENEFITS

  • Rewarding Salary + Bonuses
  • Personal Growth Roadmap, Ongoing Performance Review & Mentoring Program
  • Certification Programs
  • English Training Program
  • Medical Insurance
  • Unlimited Annual Leave
  • Remote Work Opportunities
  • Corporate Events 

Apply now

*

What Our Team Says

We're able to build long-term trusted partnerships with our clients, because we build long-term trusted relationships with our team members.

Daniel Day | eWave