Information Security Manager

The Information Security Manager is responsible for developing and managing Information Systems (IS) cyber security, including disaster recovery, database protection and software development. Manages IS security analysts to ensure that all applications are functional and secure. The Information Security Manager develops and delivers IS security standards, best practices, architecture and systems to ensure information system security across the enterprise. Implements procedures and methods for auditing and addressing non-compliance with information security standards. Additionally, the Information Security Manager migrates non-compliant environments to compliant environments. Evaluates the organization to ensure compliance with standards and relevance to industry security norms. Requires a bachelor’s degree. Typically reports to a director. The Information Security Manager manages subordinate staff in the day-to-day performance of their jobs. True first-level manager. Ensures that project/department milestones/goals are met while adhering to approved budgets. Has full authority for personnel actions. To be an Information Security Manager typically requires 5 years of experience in the related area as an individual contributor. 1 – 3 years of supervisory experience may be required. Extensive knowledge of the function and department processes.

Information Security Manager Job Description Template

Our company is looking for an Information Security Manager to join our team.


  • Custodian of the Information Security Risk and Issue Register;
  • Participating in engagements with appropriate industry bodies and other organisations as required to capture best practice and thought leadership;
  • Development of security standards and baselines, as well as driving policy compliance and enforcement;
  • Development and management of Key Performance Indicators (KPIs), Management Information (MI) and the setting and management of risk appetite;
  • Supporting the Head of Information Security in the security strategy and target operating model;
  • Co-ordination and production of management reports for various stakeholders and governance forums.


  • Experience of managing security incidents and IT security risks;
  • NIST;
  • A relevant degree or equivalent experience is an advantage;
  • Understanding of the latest technologies, trends and emerging best practices in the cyber/information security space;
  • Perform regular security reviews, risk assessments and audits of policy compliance;
  • Develop and maintain the information security risk register;
  • Manage external client, vendor and supplier assessments and security maturity;
  • Minimum 5 years’ experience;
  • Identifies what needs to be done and can take independent action when the situation requires it;
  • Manage day-to-day security solutions across all technology fields, working in partnership with IT;
  • CIS;
  • NCSC;
  • Proven practical problem solving and analysis experience;
  • Embed Information Security into key processes, procedures and working practices;
  • Good time management and prioritisation skills.