Senior IT Security Manager

We are looking for an experienced Senior Security Manager for an established MNC. The Senior Security Manager oversees all IT and Cybersecurity operations across the company’s entities, ensuring the availability, integrity, and confidentiality of customer, business partner, employee, and business data in line with the organization’s security protocols. This role involves working with executive leadership to define acceptable risk levels for people, processes, and technology. Additionally, the Senior Security Manager will implement and maintain a comprehensive information security management program to protect information and digital assets.

The ideal candidate will have a minimum of 8 years of experience managing security for On-Prem Infrastructure and at least 5 years (DevSecOps/SecOps) with Cloud environments/instances (IaaS, PaaS & SaaS). Experience with BIMCO is a plus.

Responsibilities

Governance / Audit / Risk / Compliance Management

• Lead, conduct and liaison with internal and external auditor to conduct periodic IT/Security Audit
• Establish and formalize Risk Management for Business and IT through risks assessment.
• Propose investments on solutions against risks exposure vs risks acceptance level vs impact to
  business and operations.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Ensure compliant to local and global regulatory on IT/Cyber Security for shore offices, cloud
  environment and vessels.

Project Initiatives

• To constantly survey and identify security gaps/short comings in the respective areas (infra, cloud,
• vessels) to device appropriate solutions (people, process, technology) for mitigation.
• To propose and manage timeline, budget, and scope of work for IT security projects.
• To work with respective stakeholders (internal/external) to enhance the overall company IT security posture through solution such as Bitsight, Watchtwr, CSA, etc.
• To manage stakeholders’ expectations and analyse the risk and impact of the company’s operations
• when implementing new technologies.

Operation

• Owner to develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program that covers on-prem, cloud and vessels globally across the group of subsidiaries.
• Drive ongoing cybersecurity awareness program and campaigns (e.g. Phishing, USB attack, etc) to increase users’ awareness.
• Develop and enhance an information security management framework for the organization.
• Overall owner responsible for Incident Response on any cyber related attacks.
• Work with external vendor(s) and internal IT management to design, develop, and implement cyber related IT BCP initiatives (e.g. Incident Response, alternative workplace solution & strategy, etc).

Architecture

• Member of the Technology Architecture Board to design and develop Security-first Software (API, Micro-services, Database/Stream) and Infrastructure (Cloud/On-Prem/Vessel) architecture.

Advisory

• Lead in the overall leadership on cybersecurity strategy, risk management and incidence response.
• Provide leadership to the enterprise’s information security organization.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
• Provide regular communication at executive/company level on the global cybersecurity scene.

Requirements

• Degree or Master’s Degree in a technology and/or cybersecurity-related field required.
• Professional security management certification (CRISC, CISSP, CISM, CISA, Qualified Information Security Professional, Certified Ethical Hacker, etc.).
• Excellent written and verbal communication skills and a high level of personal integrity.
• Significant experience working and presenting to C-suite executives on cyber initiatives.
• Innovative thinker with strong people engagement skills and the ability to lead and motivate cross-functional, interdisciplinary teams.
• Experience with contract and vendor negotiations and management, including managed services.
• Experience working in organizations that conduct in-house cloud-native software development.
• Experience with security standards/processes in a cloud computing/elastic computing environment, especially Azure.
• Strong business acumen required to comprehend and evaluate business scenarios, make informed decisions, and take the necessary steps to achieve the organization’s goals.
• Minimum of 8 years of experience managing security for on-prem infrastructure and at least 5 years in DevSecOps/SecOps with cloud environments/instances (IaaS, PaaS, SaaS).
• Minimum of 8 to 10 years of experience in a combination of risk management and information security.
• At least 5 years of hands-on experience in evaluating, selecting, designing, and implementing various security processes, policies, and solutions.
• Experience in building an internal SOC team and/or managing MSSP.
• Familiarity with various data privacy and cybersecurity frameworks (e.g., NIST, ISO 27001/27002, SOC2, GDPR, OWASP, etc.). Experience with BIMCO is a plus.
• Proficiency in implementing and managing advanced and/or automated security solutions (e.g., IDS/IPS, EDR/XDR, SIEM, SOAR, SASE, SWG, BAS, etc.).
• Experience in implementing various cybersecurity architectures (e.g., OSI, Zero Trust Architecture) across cloud and on-prem environments, including Azure/AWS.
• Min. 5 years or more in building and leading a high-performance team.
• Familiarity and experience with the latest cloud-based infrastructure & cybersecurity technology solutions.
• Experience in dealing with senior business stakeholders & in leading teams and vendors.

To apply, please send your CV to talentagent@innergy-consulting.com
We regret that only shortlisted candidates will be notified. Thank you for your understanding.