Manager Information Security

About Afiniti

At Afiniti, we are a leading provider of artificial intelligence technology that elevates the customer experience by making moments of human connection more valuable. Our mission is rooted in a simple yet powerful idea: understanding patterns of human behavior enables us to predict how people will interact and create meaningful connections.Using our patented AI technology, we revolutionize the contact center industry by pairing customers with the most compatible contact center agents. By doing so, we enhance the entire customer journey, resulting in exceptional experiences and improved outcomes for all parties involved.Our transformative technology has generated billions of dollars in incremental value for our esteemed clients, which include Fortune 500 companies across diverse industries such as financial services, telecommunications, travel, and hospitality. We take pride in our global reach and impact, with our solutions being leveraged by organizations around the world.To learn more about Afiniti and the groundbreaking work we do, visitwww.afiniti.com .About the role

Sr. Manager Information Security - IstanbulThe Sr. Manager Information Security will be responsible for ensuring their organization meets their cyber security standards and objectives. This will involve setting security requirements and baselines, evaluating design proposals, and working with other technical leads (internal and external) to mitigate risk. In addition, it includes program and project management duties.Key ResponsibilitiesDeveloping and implementing robust security strategies and policies to protect the company's assets, employees, and facilities.Assessing potential risks and vulnerabilities, investigating security breaches, and reinforcing appropriate measures to mitigate them.Leading and managing a team of security personnel, including hiring, training, and performance management.Collaborating with cross-functional teams to ensure integration of security requirements into business processes and projects.Conducting regular security assessments, audits, and inspections to identify gaps and areas for improvement.Maintaining and updating emergency response plans, ensuring all employees know their roles and responsibilities.Collaborating with external stakeholders, such as law enforcement agencies and security vendors, to enhance security measures and respond to incidents.Fostering a culture of security awareness and training employees on security protocols and procedures.Supports the development, implementation, monitoring, and communication of the cybersecurity program and related activities.Designs, develops, and tests cybersecurity features, as microservices and cross-platform shareable components with high-quality design.Designs, implements, and maintains cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures.Translates technical cybersecurity requirements into clear, actionable policies that employees can understand and follow.Monitors and audits compliance of cybersecurity policies to identify gaps.Reviews existing cybersecurity policies post-security incidents to identify improvements.Manages multi-functional team coordination, opportunity screening, benefit/cost analysis, vendor selection, schedule and budget oversight, management of consultants/contractors, issue resolution, and reporting.Coordinates with internal and external legal, contracting, procurement, finance, and communications departments to ensure successful project rollout and streamline communications.Presents cybersecurity program status reports to senior management.Performs review and validation of all deliverables for SOC, Incident Response (IR), Threat Intelligence, Threat Hunting, and other customer-assigned activities.Provides metrics and artifacts supporting audit activities.Performs cybersecurity operations management and project management.Ensures project-defined deliverables are provided on time and have been quality reviewed (e.g., SOPs, Configuration Guides, Training Documentation, Project Schedules).Provides knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures.Develop and update the cybersecurity policy for the organization's cloud computing environment.Oversees security activities such as access control, incident management, response, forensics, and reporting.Works with external stakeholders to understand operational needs and develop effective processes.Maintains a current understanding of industry trends, emerging cyber threats, and new solutions which may impact the environment.Works with key stakeholders across the organization to ensure that the cybersecurity program aligns with business objectives, mission, and values by developing comprehensive strategies and tactics.Minimum QualificationsBS or MA in computer science, information security, cybersecurity, or a related field.(3+) years of experience in cybersecurity, IT audit, or enterprise risk management (ERM) role.(3+) years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, ISO 27701, SOC2, SOC1, PCI, NIST 800, etc.) NIST CSF.Desired, but not required:Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).FedRamp.Preferred QualificationsExperience in program and project management.Experience in cybersecurity strategy planning.Experience identifying and assessing risks to the organization's business.Experience crafting and executing Information Security initiatives, including capturing and redefining requirements into impactful work items.Experience driving cross-functional initiatives according to plan and timelines.Experience with some cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems.Experience with cybersecurity frameworks and standards (such as the NIST Cybersecurity Framework and ISO/IEC 27001).Knowledge of the organization's enterprise information technology (IT) goals and objectives.Knowledge of the organization's core business objectives and processes.Knowledge of risk threat assessment.Ability to leverage research from various sources such as government research, think tanks, academic research, and industry reports.Location/Remote work statement

This is a hybrid opportunity required to work in EST Hours.#J-18808-Ljbffr