- Company Name: Precisely
- Job Title: Information Security Manager
- Job Description:
**Job Title:** Information Security Manager

**Role Summary:**
Lead and manage the Information Security Management System (ISMS) for a product line that processes personal data, ensuring alignment of product design with security and privacy requirements. Manage a team of security professionals, maintain industry certifications, coordinate audits, penetration tests, and risk communications, and partner with compliance and external auditors to meet legal and contractual obligations.

**Expectations:**
- Manage ISMS in a complex IT environment covering service delivery, application development, and infrastructure.
- Maintain and update SOC 1 & 2 Type II, HIPAA HITECH, ISO 27001, and ISO 27701 certifications.
- Ensure compliance with GDPR, CCPA, PCI‑DSS, and other relevant regulations.
- Lead quarterly dynamic application security testing (DAST) and annual internal and third‑party penetration tests.
- Maintain security scorecards and prioritize remediation with product teams.
- Serve as SME for security questionnaires in RFP responses.
- Conduct investigations into security incidents in collaboration with the Incident Response Center.
- Communicate findings to the InfoSec Risk Board and senior leadership.

**Key Responsibilities:**
1. Align the Engage business unit to the organization’s Information Security Management System and applicable legislation.
2. Maintain, audit, and continuously improve security policies, procedures, and controls.
3. Manage SOC 1/2, HIPAA, ISO 27001/27701 certification lifecycle.
4. Coordinate and oversee application security testing (DAST, penetration tests) and remediation.
5. Create and maintain accurate security scorecards and dashboards.
6. Liaise with legal for annual privacy reviews of Engage products.
7. Participate in incident investigation and root‑cause analysis.
8. Provide expert support for security questionnaires during RFP processes.
9. Lead, mentor, and evaluate a technical security team.
10. Communicate risk assessments and mitigation strategies to risk boards and leadership.

**Required Skills:**
- Proven experience managing an ISMS (ISO 27001, SOC 1/2, HIPAA, GDPR, PCI‑DSS, CCPA).
- Deep knowledge of application security threats (OWASP Top 10, SAST/DAST) and countermeasures.
- Strong understanding of emerging threats, cyber‑resilience, and security operations.
- Experience with vulnerability scanning, penetration testing, and security tooling.
- Ability to translate technical risk into business language for leadership.
- Demonstrated team‑leadership, mentoring, and cross‑functional collaboration.
- Excellent written and verbal communication, report‑writing, and presentation skills.
- Familiarity with privacy impact assessments and data‑protection frameworks (ISO 27701, CCPA, GDPR).
- Experience with regulatory audit processes and management of third‑party integrations.

**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field (or equivalent professional experience).
- Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer, or similar are strongly preferred.
---