- Company Name
- MerchantE
- Job Title
- Information Security Manager
- Job Description
-
**Job Title:** Information Security Manager
**Role Summary:**
Lead the enterprise information security program, driving the development, implementation, and continual improvement of security policies, controls, and incident response. Act as the primary liaison between security, product, engineering, and other business functions to embed a security‑centric culture and ensure compliance with industry best practices and regulatory requirements.
**Expectations:**
- Deliver a robust security posture that protects critical systems and data.
- Influence architecture and product decisions to incorporate security from inception.
- Lead and develop a cross‑functional security team, fostering technical excellence and professional growth.
- Provide transparent, KPI‑driven reporting to senior leadership and governance boards.
**Key Responsibilities:**
- Champion and evangelize security best practices across all departments.
- Serve as the escalation point for security incidents and operational security decisions.
- Own tactical execution of the strategic security vision, including vulnerability management, log monitoring, and incident response.
- Draft, maintain, and enforce information security policies and procedures.
- Evaluate, select, and implement security technologies (IDS/IPS, DLP, encryption, MFA, etc.).
- Conduct security architecture reviews, threat modeling, and risk assessments.
- Collaborate with Enterprise Risk Management, Legal, HR, and product teams on risk management and remediation.
- Build, hire, coach, and performance‑manage a high‑performing security team.
- Participate in change advisory (CAB/RAB) and product release governance.
- Represent the organization in security forums, communities, and industry groups.
**Required Skills:**
- 10+ years in information security, with proven experience in enterprise tool deployment (IDS/IPS, anti‑malware, DLP, firewalls, identity & access management, NAC, MDM).
- Hands‑on expertise in advanced malware analysis, forensic tools, and incident response.
- Proficiency with Splunk (deployment, endpoint configuration, log analysis).
- Strong network and application security skills: code reviews, database security, web protocols (TCP/IP, IPSec, HTTP, SSL), and traffic analysis.
- Practical experience with Nmap, vulnerability scanners, OWASP ZAP, Kali, Metasploit, Wireshark.
- Excellent written and verbal communication; ability to produce clear technical and business documentation.
- Demonstrated leadership, critical thinking, and problem‑solving in a cross‑functional environment.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
- Relevant certifications (e.g., CISSP, CISM, CEH, GIAC Security Essentials, or equivalent) are strongly preferred.