Information Security Manager

Job description / Role

Description

The information security manager is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. As a key executive in the bank’s governance structure, the IS manager leads the development and enforcement of cybersecurity policies, data privacy frameworks, and threat mitigation protocols in alignment with regulatory requirements and global standards.

Key responsibilities

Governance & compliance
Lead the bank’s information security governance framework, aligning with ISO/IEC 27001, NIST CSF, and COBIT 2019.
Ensure compliance with local and international regulations e.g., GDPR, PCI DSS, FFIEC, GLBA for USA.
Report regularly to the board risk committee on cybersecurity posture, incidents, and strategic initiatives.
Oversee third-party risk assessments and vendor security due diligence.

Cybersecurity & anti-hacking protocols
Design and implement zero trust architecture (ZTA) and endpoint detection & response (EDR) systems.
Lead security operations center (SOC) and incident response teams (IRTs) in threat detection, containment, and recovery.
Deploy advanced threat intelligence platforms and penetration testing programs.
Monitor and mitigate risks from ransomware, phishing, DDoS, and insider threats.

Data privacy & protection
Enforce data classification, encryption, and access control policies across all systems.
Implement data loss prevention (DLP), secure access service edge (SASE), and privacy impact assessments (PIAs).
Collaborate with legal and compliance to uphold privacy rights and breach notification protocols.
Ensure secure handling of personally identifiable information (PII) and financial data.

Strategic leadership & innovation
Drive security awareness and training programs across all levels of the organization.
Lead digital resilience initiatives and contribute to secure cloud migration strategies.
Evaluate emerging technologies (e.g., AI/ML in threat detection, blockchain security) for strategic adoption.
Foster a culture of proactive risk management and continuous improvement.

Requirements

Bachelor’s or master’s degree in cybersecurity, information technology, or related field.
Minimum 10 years of experience in information security, with 5+ years in a leadership role in banking or financial services cybersecurity governance.
Required certifications: CISSP, CISM, CISA, CRISC.
Preferred: CCSP, CEH, GIAC, or equivalent.