Information Security Manager

We are looking for an InfoSec Manager to develop and enforce security strategy, policies, and operations across the company. This role combines governance and hands-on technical responsibility: from Security Risk management and IAM to endpoint protection, security operations, and IT infrastructure. Information Security Manager will work closely with leadership and IT teams to ensure resilience against evolving threats and compliance with data protection requirements.

Responsibilities:

• Develop and maintain corporate information/cybersecurity strategy aligned with business goals.
• Define and enforce security policies, standards, and guidelines for information security, PII protection, and IAM.
• Build and update a cybersecurity plan based on evolving risks and threats.
• Conduct periodical risk assessments of infrastructure, applications, and processes based on the comprehensive asset management.
• Integrate data confidentiality and privacy (PII) protection into daily operations (“privacy by design”).
• Manage Accesses with SSO, MFA, and RBAC implementations on corporate systems.
• Oversee provisioning/deprovisioning and regular access reviews.
• Manage workstation and laptop security, including BYOD policies.
• Establish incident detection, response, and recovery processes.
• Ensure secure configuration of corporate tools (Google Workspace, Slack, etc.).
• Maintain backup, disaster recovery, and business continuity readiness.
• Execute Information Security Awareness campaigns.

Requirements:

• Ability to collaborate with leadership and technical teams, balancing governance and practical controls.
• Proven experience in developing and maintaining corporate information/cybersecurity strategy aligned with business objectives.
• Strong knowledge of security governance, including definition and enforcement of security policies, standards, and guidelines (information security, PII/data privacy, IAM).
• Practical experience building and maintaining a cybersecurity roadmap and adapting to evolving threats.
• Design and implementation of IT asset management and hands-on experience conducting risk assessments across infrastructure, applications, and business processes. 
• Technical expertise with Identity & Access Management (IAM): SSO, MFA, and RBAC implementations for SaaS and on-prem applications.
• Experience managing user lifecycle (provisioning, deprovisioning, and access reviews).
• Knowledge of security operations practices: incident detection, response, and recovery.
• Experience securing corporate IT tools such as Google Workspace, Slack, and similar SaaS platforms.
• Familiarity with backup solutions, disaster recovery planning, and business continuity management.
• Practical experience in running Awareness Campaigns, evaluate its effectiveness and continuously improve them
• Relevant certifications (CISSP, CISM, ISO 27001, or equivalent) are a strong plus.