The Information Security Policy Administrator / Manager is responsible for designing, implementing, managing, and enforcing the organizations information security framework.

This role ensures the confidentiality, integrity, and availability of information systems by establishing security policies, implementing IT security controls, managing identity and access, protecting infrastructure, and mitigating cybersecurity threats across the organization.

Key Responsibilities :

Information Security Governance & Policy :

- Develop, implement, and maintain information security policies, standards, procedures, and guidelines.

- Ensure alignment with industry standards (ISO 27001, NIST, CIS, etc.) and regulatory requirements.

- Conduct periodic reviews and updates of security policies based on risk assessments and emerging threats.

- Ensure organization-wide awareness and compliance with security policies.

Identity & Access Management (IAM) :

- Design and manage Identity and Access Management (IAM) frameworks.

- Implement role-based access control (RBAC), least-privilege access, and segregation of duties.

- Manage user lifecycle (provisioning, modification, deprovisioning).

- Enforce multi-factor authentication (MFA), password policies, and privileged access management (PAM).

Cybersecurity & Threat Protection :

- Implement and manage cybersecurity controls including firewalls, endpoint protection, EDR/XDR, antivirus, and intrusion detection/prevention systems (IDS/IPS).

- Monitor security events, logs, and alerts; investigate and respond to incidents.

- Coordinate incident response, root cause analysis, and remediation activities.

- Conduct vulnerability assessments and coordinate penetration testing.

Infrastructure & Hardware Security :

- Secure servers, network devices, endpoints, and hardware assets.

- Implement encryption for data at rest and in transit.

- Manage device hardening, patch management, and secure configuration baselines.

- Ensure physical security controls for IT infrastructure and data centers.

Risk Management & Compliance :

- Identify, assess, and mitigate information security risks.

- Maintain risk registers and security control documentation.

- Support internal and external audits and compliance assessments.

- Ensure third-party and vendor security risk assessments are conducted.

Security Architecture & Controls Implementation :

- Design and implement technical and administrative security controls.

- Work closely with IT, cloud, and application teams to embed security into systems and processes.

- Support secure cloud adoption (Azure, AWS, GCP) including IAM, logging, and network security.

Training & Awareness :

- Develop and deliver security awareness training programs.

- Promote a strong security culture across the organization.

- Act as a security advisor to business and IT teams.

Leadership & Coordination (Managerial Scope) :

- Lead and mentor security administrators or analysts (if applicable).

- Manage security projects, timelines, and deliverables.

- Report security posture, risks, and incidents to senior management.

Required Skills & Competencies :

Technical Skills :

- Identity & Access Management (IAM, MFA, PAM).

- Cybersecurity tools (Firewall, EDR/XDR, SIEM, Antivirus).

- Network and endpoint security.

- Vulnerability management and incident response.

- Cloud security fundamentals.

- Encryption, key management, and data protection.

Governance & Soft Skills :

- Strong understanding of security frameworks (ISO 27001, NIST, CIS).

- Policy writing and documentation skills.

- Risk assessment and analytical thinking.

- Strong communication and stakeholder management.

- Ability to balance security requirements with business needs.