Information Security Manager at ConvaTec
Oklahoma City, Oklahoma, USA
Full Time


Start Date

Immediate

Expiry Date

15 Nov, 25

Salary

0.0

Posted On

15 Aug, 25

Experience

4 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

IT, Communication Skills, Information Security, Firewalls, Network Infrastructure, Routers, Switches, Facts, Computer Science, CISSP, Security Controls, Business Requirements, CISA, Information Systems

Industry

Information Technology/IT

Description

Position Overview:
180 medical/HSG IT is looking for an experienced Information Security Manager who works independently, ensures information is protected (confidentiality, integrity, and availability), and applies practical knowledge of the job obtained through education and work experience.

This role will:

  • Define Information Security Risks
  • Develop infosec policies, standards, and control frameworks to mitigate these risks.
  • Deploy and manage information security controls.
  • Investigate and enforce information security policies.
  • Assist with obtaining and maintaining security certifications.

QUALIFICATIONS/EDUCATION:

  • Knowledge of network infrastructure, including routers, switches, and firewalls, and of associated network protocols and concepts; moderate database query abilities.
  • Strong verbal and written communication skills
  • Ability to facilitate cross-functional teams.
  • Ability to translate business requirements into control objectives.
  • Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Ability to work independently with limited supervision.
  • Ability to demonstrate that you can influence others (key stakeholders including business) through explanation of facts, policies, and practices.
  • Bachelor’s degree in Computer Science, Information Systems, Software Engineering, or equivalent experience
  • CISA and/or CISM
  • Experience in NIST Cyber Framework
  • Minimum 10 years of overall experience in IT
  • Minimum of four years’ experience in Information Security
  • CISSP is recommended but not required.
Responsibilities

KEY RESPONSIBILITIES:

  • Manage information security management system (ISMS).
  • Identify and document information assets containing sensitive data and ensure access reviews of critical systems.
  • Identify information security risks.
  • Protect classified information.
  • Provide assurance over partners (IT outsourcers and SaaS).
  • Maintain retention policy and register.
  • Identify, report, and govern information security risks.
  • Manage DLP policy and respond to alerts.
  • Monitor intended leavers for potentially risky behaviors.
  • Monitor and investigate data leakage incidents.
  • Implement and manage eDiscovery and Litigation Hold
  • Fulfil eDiscovery and litigation hold requests and annual reviews.
  • Manage information security awareness plan, deliver, and maintain information security awareness training.
  • Automate collection and insertion into a consolidated, centralized evidence hub (Diligent, as an example).
  • Ensure near misses and policy breaches are followed up on as necessary (with training).
  • Conduct Phishing Campaigns.
  • Provide security awareness and compliance metrics demonstrating effectiveness of awareness plan.
  • Identify infosec risks across projects and business processes.
  • Information protection across key systems.
  • Provide requirements for projects to mitigate information security risks.
  • Perform initial vendor assessment and ongoing assurance over key vendors and service providers.
  • Assist in implementing the Information security strategy across 180 medical/HSG.