Information Security Manager
Office
Full-time
About the company:
A data center operator providing cloud and telecommunications services, premium-class colocation, and information security solutions.
Key responsibilities:
- Planning and implementing an Information Security Management System (ISMS) in compliance with the ISO/IEC 27001:2022 standard (risk assessment and management, user awareness training, third-party requirements management, incident management, business continuity, etc.).
- Assessing the current maturity level and resource allocation for information security, developing plans for ISMS improvement, strategic planning, and budget management (risk profile, risk mitigation strategy, impact assessment on key company services, investment attractiveness evaluation, budget planning and justification based on the company's risk profile).
- Designing the information security architecture, planning the implementation, and overseeing the operation of technical security solutions (direct administration of security tools is handled by IT departments).
- Developing and maintaining up-to-date organizational and regulatory documentation in the field of information security.
- Organizing and ensuring compliance with legal requirements for information protection (personal data, state secrets, cryptographic protection).
- Conducting training and briefings for employees (raising awareness on information security).
- Leading incident response and investigation processes. Conducting and supporting internal and external audits.
Key requirements:
- 3+ years of relevant experience.
- Higher education in information security or professional retraining in information protection (minimum 500 hours).
- Experience in implementing ISMS projects in accordance with ISO/IEC 27k standards.
- Project management skills, ability to set tasks correctly and monitor their execution.
- Ability to understand business needs, identify security risks, and translate them into security requirements and relevant metrics.
- Knowledge of modern security tools (FW, NGFW, IPS/IDS, WAF, AntiDDoS, SIEM, EDR, etc.) sufficient to communicate effectively with IT experts.
- Knowledge of Russian legislation in information protection.
- Presentation skills for both management and IT specialists.
- Understanding the relationship between security requirements, implemented measures, and actual system protection.
- General competence, responsibility, willingness to learn, systematic approach to tasks, and ability to articulate thoughts clearly in written and verbal form.
Preferred qualifications:
- Information security certifications: Lead Implementer/Lead Auditor ISO 27001, CISM, CISA, CISSP, CRISC, or similar.
- Project management certifications: PME/PMP.
- Knowledge of IT and security frameworks (ITIL, COBIT, NIST, etc.).
- Intermediate English proficiency.
Additional information:
- Office located a 7-minute walk from Volgogradsky Prospekt/Dubrovka metro stations, Moscow (hybrid work possible).
- Full-time employment.
- Private health insurance and corporate mobile plan.