IT & Design

Job Description

Job purpose:

The Information Security Manager will have primary responsibility for performing security architecture duties, cyber threat and vulnerability intelligence, system monitoring, security incident response and controls automation. The manager will develop and manage information systems security strategies, including disaster recovery, data protection, auditing, breach investigation and policy and procedure administration. The manager is responsible for information security policies, procedures, user access and technical systems security settings in order to maintain the confidentiality, integrity, and availability of all PECB Systems (including IT infrastructure and applications). The Information Security Manager will provide recommendations on how to mitigate vulnerabilities, work with developers to advise on security needs and requirements, update security policies and procedures, and provide training as part of the company’s security awareness and training program.

Description of duties and responsibilities:

  1. Provide strategic direction to related governance functions (such as Risk Management, IT Audit, Legal and Compliance);
  2. Establish a process to periodically update policies and procedures to ensure they accurately reflect business requirements and align to industry leading security practices;
  3. Provide oversight and continuous enhancement of cyber security awareness program and improvement on risk management;
  4. Collaborates with the Security Committee and leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable;
  5. Ensure periodic testing is conducted to evaluate the security posture of IS. Conduct periodic reviews of ISs to ensure compliance with the System Security Plans (SSP);
  6. Provide technical security expertise in Technology projects to ensure security standards are met;
  7. Leads or commissions the preparation, and authorizes the implementation, of necessary information security policies, standards, procedures and guidelines;
  8. Prepare and submit Plan of Action & Milestone (POA&Ms) identifying IS weaknesses, mitigating actions, and the resources and timelines for corrective actions. Maintain POA&Ms for all security-related vulnerabilities and ensure serious or unresolved violations have visibility on their corrective action;
  9. Investigate and analyze details of security incidents;
  10. Maintain a flexible work schedule to meet position demands for after-hours support;
  11. Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations;
  12. Communicates audit findings and coordinates their resolution by preparing reports, status updates and discussing findings with stakeholders;
  13. Forms a “Centre of Excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization;
  14. Develop and manage controls to ensure compliance with the wide variety and ever changing requirements resulting from laws, standards and regulations;
  15. Liaise with senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies;
  16. Other duties as assigned by the management.

Required Skills/Qualifications:

  • High level of integrity to deal with confidential information;
  • Fluency in English language (written and spoken);
  • Bachelor's degree in Computer Science, Computer Information Systems, Business Administration, or its equivalent in work related experience;
  • 5+ years of experience in information security;
  • PECB ISO 27001 LA, LI, PECB ISO 27002, or similar preferred;
  • CISSP, CISA, or CISM a plus;
  • Experience with developing security frameworks such as ISO, NIST, PCI, and IT SOX audit requirements and security attack vectors a plus;
  • Knowledge
  • Experience with data classification, access control, and security models
  • Strong analytical and problem solving skills
  • Ability to work effectively with people at various levels throughout the organization
  • Must work well under pressure, grasp new ideas quickly, think outside the box, and be able to follow up in a dynamic environment
  • Strong multi-tasking skills in a fast paced environment
  • Strong team player
  • Work well independently with minimum supervision
  • Excellent verbal and written communication and interpersonal skills
  • Excellent knowledge of technical management, information analysis and of computer hardware/software systems;
  • Expertise in data governance;
  • Strong attention to detail;
  • Ability to work independently and with groups;
  • Adaptability to a changing and fast paced work environment;
  • Good customer service skills.

To apply, please send your updated resume in English before April 30th, 2017 to hr@pecb.com, specifying the job position in the subject line.

Resumes sent via other means will not be considered. Only short-listed candidates will be contacted. No phone calls please!