We are looking for a motivated, energetic and experienced Information Security Manager (ISM) to be part of our information security journey and take the lead in the security GRC and awareness domains. Take ownership of your domain and oversee information security through the development of policies, training initiatives, the establishment of vendor security assurance, the advancement of company-wide awareness, and the attainment and maintenance of security and privacy compliance certifications and audits.
As a key role within the Information Security team, the ISM position requires a working knowledge of information security systems and technologies. The ISM will proactively work with all teams and departments to implement practices that meet defined policies and standards for information security, and will also oversee a variety of security-related risk management activities.
The ISM will serve within the Governance, Risk, and Compliance (GRC) team as the process owner of GRC activities related to the availability, integrity and confidentiality of customer, business partner/vendor, employee, and business information, in compliance with the organization's information security policies. The ISM must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure state.
What you will be doing:
Manage Forter's GRC program, ensuring compliance with SOC 2, ISO 27001/27701 and PCI DSS, while improving process efficiency through automation.
Review, update, and create policies and procedures to ensure alignment with customer requirements, certifications, and regulations.
Respond to security questions and questionnaires from prospects and customers in support of company operations.
Conduct routine internal security reviews.
Manage information security risk activities, including conducting annual risk assessments, performing root cause analysis, and overseeing remediation activities.
Lead the vendor security program: assess the security and compliance posture of vendors.
Own the security awareness program, conducting training sessions, quizzes, and drills.
Continuously raise the security standard of solutions by developing or implementing open-source and third-party tools that assist in detecting, preventing and analyzing security threats; manage internal and external penetration testing; and test and evaluate security products.
Provide technical answers and assist sales teams with RFPs, RFIs, RFQs and other sales efforts.
Requirements: 5+ years working in a relevant security role.
Proven project management capabilities in GRC & Awareness domains, including planning and execution.
Knowledge of industry best-practice risk assessment frameworks and methods, and the ability to lead risk remediation across the organization with minimal supervision.
Ability to effectively communicate security needs and business requirements to stakeholders.
Proven experience with common information security management frameworks, such as ISO 27001, SOC 2, PCI DSS or similar.
Proficiency in performing business impact analyses and vulnerability assessments, and in defining risk treatment strategies.
Experience developing and maintaining policies, procedures, standards and guidelines, and documenting security architecture and plans (including project plans).
Extensive knowledge of threats and vulnerabilities (DDoS, social engineering and other attack techniques, etc.).
Excellent verbal and written communication skills in Hebrew and English.
Ability to work with cross-functional teams.
This position is open to all candidates.