On behalf of our client an international company operating in the aviation industry, we are looking for Information Security Manager.

Information Security Manager is a senior member with a critical role in ensuring the security and operational excellence of the company. The Information Security Manager manages and directs all aspects of the company’s cybersecurity strategy and program, ensuring the security and secure integration of technical applications as well as the confidentiality, availability, and integrity of the company’s data and client data entrusted to the company. The Information Security Manager is responsible for developing, implementing, and maintaining reasonable risk-based administrative, technical, and physical safeguards across a global infrastructure, inclusive of vendor management. The Information Security Manager is a core member of the company’s incident response team and plays a leading role in ensuring preparedness and world-class response to security... events.

Position’s duties and responsibilities

Cybersecurity Governance and Risk Management
• Develops and implements the company’s comprehensive cybersecurity strategy, reflecting the company’s operational drivers and desired business outcomes, risk tolerance, and evolving risks, threats, and vulnerabilities.
• Develops senior leader awareness and buy-in of cybersecurity program and initiatives, including reporting to leadership on cyber initiatives and strategy, program assessments, changes to risk profiles, and specific events.
• Establishes, with senior leaders, cyber risk thresholds and risk management approach.
• Builds and implements cyber risk quantification and risk prioritization of initiatives.
• Develops protocols to periodically review the appropriateness of the cybersecurity program, inclusive of administrative and technical controls and processes, with such review to include risk assessments, industry standard compliance reviews, and periodic, risk-based penetration testing.
• Develops vendor cybersecurity risk management program.
• Coordinates with senior leadership to ensure adequate resourcing of cybersecurity program.

Cybersecurity Program Management
• Oversees people, processes, and technology at all levels of the cybersecurity program to enable global operations.
• Develops and maintains all relevant information security policies and procedures, including for network infrastructure, specific applications, and services.
• Develops and maintains designated risk-based cyber safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
• Develops secure lifecycle processes and operations, reflecting risk, threat, and vulnerability identification.
• Ensures continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate.
• Manages cybersecurity audits, inclusive of security audits and RFPs.
• Oversees development and implementation of role-based cybersecurity awareness programs and trainings.
• Manages, in close collaboration with technology team, all aspects of security for technology initiatives.
• Conducts regular internal and coordinate external security assessment, penetration tests, to proactively test the effectiveness of security controls.
• Coordinates with compliance on remediation and program management.
• Assists in the design and implementation of disaster recovery procedures, integration points with business continuity and managing the rollout of IT-enabled recovery and continuity procedures.

Incident Response and Coordination
• Maintains the company’s Incident Response Plan, including incident escalation framework and key incident-specific playbooks (e.g., ransomware), and serves as lead cybersecurity representative in incident response.
• Ensures appropriate tactical incident response protocols and processes to detect, respond, and remediate cybersecurity events.
• Oversees investigation capability, to include leveraging internal and external forensics and evidence collection and preservation as appropriate.
• Maintains the company’s Business Continuity and Disaster Recovery (BC/DR) Response Plan, and serves as lead member of disaster recovery team.
• Conducts tabletop exercises to build response capability at all levels (e.g., tactical security response through strategic leadership response).
• Leads after-action reviews and identifies and implements lessons learned to drive security improvements.

Positions’ requirements
• Ability to manage and lead multiple complex projects in a fast-paced, dynamic operational environment, including ability to support flexible schedule for 24×7 crisis operations.
• Demonstrated ability to diagnose complex system problems and develop innovative solutions.
• Demonstrated ability to participate in cross-functional planning, coordination, and task execution situations involving the full spectrum of system integration.
• Excellent oral and written communication skills, including ability to express complex technical concepts effectively, both verbally and in writing, and the ability to effectively communicate to a variety of stakeholders with varying levels of technical expertise and seniority.
• Ability to effectively and collaboratively negotiate among stakeholders, including third parties, with conflicting needs to drive alignment on key security matters.
• Innovative problem-solver with strong critical thinking skills and action-oriented decision-making.
• Excellent judgment and ability to successfully lead in crisis situations.
• Growth mindset and commitment to learning.
• Demonstrates mature understanding of the sensitive nature of our business and the importance of ensuring the protection of the company’s data and the data entrusted to us.
• Collaborative and enthusiastic team player.
• Bachelor’s degree in a technical field; the ideal candidate will have a graduate degree in a technical field with at least 10 years of prior relevant experience.
• Relevant certifications such as CISSP, CISM, GIAC GSE, SANS etc. highly preferred.
• Detailed technical expertise of cloud architectures, especially Microsoft Azure and AWS, networks, routers and switches, wireless technologies, active directory, and leading software applications.
• Expert level knowledge of developing and implementing defense-in-depth security program, including installing, deploying, documenting, and troubleshooting network perimeter security technologies such as firewalls, proxy servers, intrusion prevention/detection (IDS/IPS), anti-virus, anti-malware, and unified threat management (UTM).
• Experience implementing a risk management framework and leveraging governance, risk, and compliance (GRC) concepts and tools.
• Experience maintaining ISO 27001 certification and other industry standards, such as NIST CSF, NIST 800-53 and NIST 800-171, as appropriate, and working knowledge of Zero Trust architecture.
• Experience overseeing vendor security audits and developing, implementing, and maintaining a vendor risk management program
Larnaca Cyprus

Salary Criteria