Information Security Manager

The Information Security Manager will be responsible for developing and implementing a comprehensive information security program to protect YAP’s assets, data, and reputation. This role requires a strong understanding of cybersecurity best practices, risk management, and compliance regulations.

Requirements:

At least 5 years of relevant experience in information security, cybersecurity, or a closely related field, with progressive responsibility in managing security programs and teams.

Responsibilities:

Security Strategy Development

  • Develop and implement an enterprise-wide information security strategy aligned with YAP’s business objectives.
  • Design, implement, and maintain security policies, standards, and procedures to safeguard information assets.

Risk Management

  • Conduct regular risk assessments and threat modeling to identify vulnerabilities and potential threats to business operations.
  • Develop and implement risk mitigation strategies and security controls to address identified risks.
  • Monitor and analyze security incidents, ensuring appropriate response measures are implemented.

Compliance and Governance

  • Ensure compliance with relevant security regulations, standards, and frameworks, such as PCI DSS and ISO 27001.
  • Oversee third-party vendor risk assessments to ensure alignment with security requirements.
  • Conduct regular audits and assessments to verify compliance and ensure adherence to security policies.

Data Security

  • Oversee the protection of sensitive data, including customer data, financial information, and intellectual property.
  • Implement and maintain data loss prevention (DLP) measures and ensure compliance with data privacy regulations.

Incident Response and Recovery

  • Develop and manage an incident response plan to address and mitigate security breaches and incidents.
  • Lead investigations into security incidents, coordinating with relevant stakeholders, law enforcement, and authorities when necessary.
  • Develop and maintain a robust disaster recovery and business continuity plan to minimize downtime and data loss during disruptions.

Technical Security Oversight

  • Oversee the implementation and maintenance of security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection tools.
  • Collaborate with IT and development teams to ensure secure infrastructure, applications, and architecture.
  • Regularly perform vulnerability assessments, penetration testing, and system hardening to enhance security posture.

Security Awareness and Training

  • Develop and deliver security awareness training programs for employees to promote a culture of security.
  • Regularly update staff on evolving cybersecurity threats and best practices to ensure vigilance across the organization.

Monitoring and Reporting

  • Implement security monitoring tools and processes to detect and respond to threats proactively.
  • Prepare and present regular reports on security metrics, risks, and incidents to executive leadership, enabling informed decision-making.

People Management

  • Lead, mentor, and manage the information security team, including hiring, onboarding, performance evaluations, and professional development of team members.
  • Foster a high-performing team culture focused on accountability, collaboration, and continuous improvement in cybersecurity practices.
  • Allocate resources effectively, set team goals, and ensure the team has the necessary skills and tools to support the organization’s security objectives.

Stakeholder Collaboration

  • Work closely with product, development, and IT teams to integrate security throughout the product lifecycle.
  • Act as a subject matter expert on security matters, providing guidance to internal teams and external partners.

Innovation and Continuous Improvement

  • Stay updated on emerging cybersecurity trends, technologies, and threats to proactively enhance security measures.
  • Evaluate, recommend, and implement advanced security technologies to strengthen YAP’s defense capabilities.
  • Ensure secure design principles are embedded in all technical projects to future-proof the organization’s security framework.

How to Apply

Send your updated CV to career@yappakistan.com with the subject line: Information Security Manager.

Location: Lahore, Pakistan

Experience: 5 years
