Job Search
Job Title
IT Security Manager (Compliance & Risk)Employment Type
Full TimeExperience
8 yearsSalary
Job Published
07 July 2026Job Reference No.
370949Job Description
The IT Security Manager is responsible for leading and supporting information security governance, risk management, compliance, and security assurance activities across the organization.
Security Governance
Develop, maintain, and improve information security policies, standards, procedures, and guidelines.
Drive adoption of security governance practices across the organization.
Partner with business and technology stakeholders to ensure security requirements are included in business processes and initiatives.
Provide subject matter expertise on information security governance matters.
Risk Management
Lead the identification, assessment, treatment, monitoring, and reporting of information security risks.
Maintain and support the enterprise security risk register.
Track remediation plans and ensure security risks are managed within approved timelines.
Facilitate recurring security risk assessments across business functions and technology environments.
Compliance and Audit Support
Coordinate internal and external information security assessments and audit activities.
Support security requirements related to contractual, regulatory, customer, and industry obligations.
Manage audit findings, corrective action plans, evidence coordination, and remediation tracking.
Prepare management reports and metrics related to compliance and security program effectiveness.
Security Awareness and Training
Develop and support security awareness and training activities.
Promote practical security behavior across the organization.
Provide guidance to employees, management, and stakeholders on security responsibilities.
Third-Party and Vendor Security
Support third-party security risk management activities.
Perform security reviews of vendors, service providers, and business partners.
Track vendor security risks and coordinate remediation where required.
Security Program Management
Support planning and execution of security initiatives, projects, and strategic objectives.
Measure and report on information security prog
Identify opportunities to improve security governance processes and reduce operational friction.
Act as a central point of coordination and escalation for governance, risk, compliance, and security assurance matters.
OUT OF SCOPE:
Security Operations Center management.
Security incident response execution or technical investigation ownership.
Security engineering, architecture, or tool administration.
Endpoint detection and response platform ownership.
Vulnerability scanning operations and patch execution.
Identity and access management platform administration.
Network security operations or firewall administration.
SECONDARY RESPONSIBILITIES:
Participate in strategic security projects and security improvement initiatives.
Support business continuity and disaster recovery governance activities where required.
Assist with security-related customer, partner, and vendor questionnaires.
Support annual policy reviews, documentation updates, and security reporting activities.
Research emerging security risks, regulatory expectations, and industry practices relevant to the business.
Contribute to continuous improvement of security governance workflows and stakeholder engagement.
QUALIFICATIONS:
5+ years of experience in information security, cybersecurity, risk management, governance, compliance, audit, or a related field.
Strong understanding of information security principles, governance practices, and risk management processes.
Experience coordinating security audits, assessments, findings, and remediation activities.
Experience developing, maintaining, or supporting security policies, standards, procedures, and awareness programs.
Strong written and verbal communication skills.
Demonstrated ability to influence stakeholders across multiple business functions and regions.
Strong analytical, organizational, and problem-solving skills.
Ability to manage multiple priorities and deliver outcomes in a matrixed global environment.
EDUCATION AND EXPERIENCE:
Bachelor's degree in Information Security, Cybersecurity, Information Technology, Risk Management, Business Administration, or a related discipline is preferred.
An equivalent combination of education, professional certification, and relevant experience may be considered.
Professional certification such as CISSP, CISM, CRISC, CGRC, ISO 27001 Lead Implementer, or equivalent.
Should you not receive any response within two weeks of applying, please consider your application unsuccessful.
Skills
Industries
Haven't found the perfect position in our Job Search?
At Top Vitae, we understand that the right opportunities might not always be immediately available. That’s why we encourage you to submit your CV, even if you haven’t found the job you’re looking for in our search.
By sharing your CV with us, you’ll be tapping into our extensive network of leading employers across various industries. Our dedicated team will proactively seek out opportunities that match your skills, experience and career aspirations. When the ideal position pops up, you’ll be the first to know.
Read our blog to create a CV that stands out. Then submit it here.
Join the Top Vitae community today.
