Information Security Policy Manager

United States, Greenwich Employment contract 250000.00 - 260000.00 USD / Year · Job Posted May 16, 2026

Job Description

Our client is looking to fill the role of Information Security Policy Manager. The Information Security Policy Manager develops, maintains, and communicates information security policies aligned to regulatory requirements, industry best practices, and the control environment and risk appetite. This role is responsible for the formal information security policy library, ensuring the security program is supported by well-considered policy mandates.

Job Responsibility

  • Maintain and extend information security policy library to align with regulatory requirements, business risk appetite, industry-accepted risk frameworks, and control environment
  • Coordinate and drive the development, review, and update of information security policies and standards based on identified need and defined maintenance intervals
  • Map security policies to, and analyze gaps against, applicable risk and regulatory frameworks and laws, such as DORA, FFIEC, NIST CSF
  • Support security-related external assessments, audits, and regulatory examinations by providing evidence of compliance
  • Partner with the Information Security Controls Manager to ensure policies are supported by appropriate controls and testing procedures
  • Evaluate security controls, identify opportunities for improvement, and communicate constructive recommendations
  • Other duties, as assigned

Requirements

  • 7+ years of information / cyber security experience, including 3+ years developing and managing information security policies in a regulated industry (preferably financial services) and 3+ years in hands-on, technical cybersecurity roles
  • Fluent understanding of regulatory requirements affecting cybersecurity, including DORA, SEC, FFIEC, and common regulations issued in Europe (EBA) and APAC (SFC, MAS)
  • Working familiarity with common security frameworks, including NIST CSF and ISO 27001/27002
  • Prior experience as owner of policies or technical standards documentation
  • Experience as lead responder to regulatory examinations, audit requests, and client due diligence questionnaires related to policy and compliance
  • Proven ability to write clear, actionable policies addressing complex regulatory and technical requirements, grounded in industry accepted practices and risk management concepts, and based on existing controls and technology environments
  • Experience working with GRC (Governance, Risk, and Compliance) tooling a plus
  • Experience building cross functional consensus as an individual contributor
  • Bachelor’s degree in Information Security, Computer Science, Information Technology or a related field, or equivalent experience
  • CISM certification a plus

Nice to have

  • Experience working with GRC (Governance, Risk, and Compliance) tooling a plus
  • CISM certification a plus

Similar Jobs for Information Security Policy Manager

8 matching positions

Sr. Manager, Information Technology and Information Security Risk

Sr. Manager, Information Technology and Information Security Risk Hybrid Work Sc...
Location: United States, Reston
Salary: Not provided
Tier4 Group
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, or related fields (or equivalent work experience) preferred
  • 8–10 years of relevant experience in information security or risk management roles with experience in financial services, banking, payments, fintech, or related regulatory environments preferred
  • Experience with data analytics and visualization tools (e.g., Power BI, Tableau, or Python)
  • Experience working in a regulated financial services or technology environment
  • CRISC, CISSP, CISM, Security+ or CGEIT or similar certifications
Job Responsibility
  • Evaluate and provide independent challenge regarding the alignment of the organization’s IT and IS strategy with enterprise business objectives, risk appetite, and regulatory expectations
  • Review and assess the adequacy of information technology and security risk assessments across applications, infrastructure, and business processes
  • Partner with IT project teams to influence decisions related to technology architecture, cybersecurity controls, system implementations, and operational risk mitigation strategies
  • Evaluate new and existing systems, platforms, and SaaS integrations for cybersecurity risks and regulatory compliance impacts
  • Conduct third party and vendor security risk assessments, including review of SOC 1/SOC 2 reports, SIG questionnaires, penetration testing results, and remediation plans to ensure vendor information security practices align with OF expectations
  • Provide effective second-line oversight and credible challenge related to cybersecurity incidents, operational disruptions, and emerging technology risks, including analysis of potential impacts to customer data, financial systems, and regulatory obligations
  • Collaborate with business units and technology teams to identify, document, and monitor risks, ensuring remediation activities meet regulatory timelines and internal risk appetite
  • Oversee the implementation of information technology and security risk management policies and the Cyber-Security Incident Response Plan
  • Conduct cyber security awareness training and education through periodic email phishing tests, in-person and computer-based training, presentations to employees, and security related tabletop exercises
  • Monitor the status of remediation for IT and IS related issues and ensure that the remediation documentation is complete and adequate
  • Fulltime

Information Security Manager

Implement and maintain information security policies, standards, and procedures....
Location: Egypt, New Cairo
Salary: Not provided
Ethics HR
Expiration Date: Until further notice
Requirements
  • Bachelor’s/Master’s degree in Information Technology, Computer Science, Cybersecurity, or related field from a reputable university
  • Minimum of 8 years of experience in information security, with at least 3 years in a managerial role
  • Strong knowledge of IT security frameworks, CBE cybersecurity guidelines, and regulatory compliance
  • Experience in vulnerability management, incident response, and security operations
  • Excellent analytical, problem-solving, and communication skills
  • Preferred certifications include CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or CEH
Job Responsibility
  • Implement and maintain information security policies, standards, and procedures
  • Conduct regular security audits, risk assessments, and vulnerability assessments
  • Monitor security events, investigate incidents, and coordinate remediation activities
  • Collaborate with IT and business teams to ensure secure system design and deployment
  • Maintain and update access control mechanisms, encryption standards, and authentication protocols
  • Ensure compliance with relevant cybersecurity and data protection regulations
  • Provide training and awareness programs to staff on information security best practices
  • Prepare reports on information security metrics, risks, and incidents for senior management
  • Fulltime

Principal Information Security Manager

This is not a build-from-scratch role. It is a step up in maturity: fewer manual...
Location: Germany, Berlin
Salary: Not provided
Staffbase
Expiration Date: Until further notice
Requirements
  • 5+ years of hands-on InfoSec experience in a SaaS or B2B tech company
  • Proven ownership of ISO 27001 and/or SOC 2 programs
  • Track record of representing InfoSec to enterprise customers, including security reviews and escalations
  • Fluent in German and English
  • Comfortable with AI-driven tooling; actively looks for automation opportunities in compliance and operations
Job Responsibility
  • Lead ISO 27001 and SOC 2 audit cycles end-to-end in preparation, evidence collection, auditor management, and findings remediation
  • Own the control framework and ensure it stays current as the business evolves
  • Prepare the InfoSec program for investor and M&A due diligence scrutiny
  • Own the response to enterprise customer security questionnaires and RFPs
  • Represent Staffbase credibly in customer security reviews, calls, and audits
  • Build scalable approaches (automation, templates, knowledge base) to reduce response time without sacrificing quality
  • Maintain the risk register and drive risk treatment decisions with relevant stakeholders
  • Own vendor security assessments for critical and high-risk suppliers
  • Partner with Procurement and Legal on AI-assisted review workflows
  • Own the internal security policy framework, keep it current, understandable, and enforced
What we offer
  • attractive salary packages including LTIP (unit-based Long Term Incentive Plan)
  • flexible working time models and the option of hybrid work
  • yearly flex work allowance of €1560
  • 31 vacation days annually (incl. one floating holiday)
  • pro rata fully paid Fridays off during August
  • company pension scheme
  • one day off per year for supporting a social project (Volunteers Day)
  • Fulltime

Client Information Security Manager (ISM)

The NTT DATA Services Information Security Manager (ISM) oversees and coordinate...
Location: United States, Plano
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • 12+ years of relevant experience
  • Strong knowledge of standards / regulations impacting information security (e.g., NIST, ISO, PCI)
  • Experience with information security internal & external audits, contract compliance, and quality initiatives
  • Significant experience in identifying and utilizing a global risk based management model.
Job Responsibility
  • Ensure the delivery of information security services to the customer is in compliance with the contract and any applicable standards and regulatory requirements (e.g., PCI, SOX)
  • Collaborate with the client in the definition and implementation of information security policies, strategies, procedures and configurations in order to ensure confidentiality, integrity and availability of client’s environment and data
  • Participate with the customer in the strategic design process to translate security and business requirements into processes and systems
  • Evaluate new / emerging security products and technologies and make recommendations to customer leadership in regards to the security posture impact on the organization
  • Identify, review and recommend information security improvements as they relate to the achievement of the customer’s business goals and objectives
  • Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
  • Identify information security weaknesses and/or gaps in the customer’s current operations and work with the customer to bring information security operations up to standards
  • Participate and represent IT Security in Delivery/Operational meetings; conduct an information security operational review meeting with account (e.g., Customer Delivery Executive) and customer (e.g., CISO) key stakeholders with topics including information security status and performance
  • Fulltime

Senior Manager, Information Security Office (AI) Consultant

At Capital One, the AIML Division is working to bring the transformative power o...
Location: United States, McLean; Plano; Richmond; New York
Salary: 209000.00 - 286200.00 USD / Year
Capital One
Expiration Date: Until further notice
Requirements
  • High School Diploma, GED or equivalent certification
  • At least 6 years of experience working in cybersecurity or information technology
  • At least 5 years of experience providing guidance and oversight of cyber security concepts
  • At least 5 years of experience performing cyber security risk assessments or cyber security architecture reviews
  • At least 4 years in securing a public cloud environment
  • At least 3 years of experience with API security, observability, cloud access control and privacy best practices
Job Responsibility
  • Lead the development of secure, enterprise grade AI/ML and agentic AI solutions
  • Establish AI-First SDLC practices and build scalable platforms
  • Design and implement security controls for AI/ML systems, including LLM applications
  • Conduct threat modeling, risk assessments and security reviews using frameworks such as NIST AI RMF, OWASP, and MITRE ATLAS
  • Define and enforce AI Model guardrails, safety standards, and governance policies
  • Identify and mitigate risk in open-source AI/ML models
  • Build and scale processes for AI security testing, monitoring and stress validation
  • Partner with engineering, research, and security teams to deliver secure and compliant AI solutions
  • Advise senior leadership on AI cybersecurity risks, strategy, and regulatory considerations
  • Drive continuous improvement through vulnerability assessments, risk remediation, and security innovation
What we offer
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime

Information Security Manager

We are looking for an Information Security Manager to join a growing, internatio...
Location: Denmark
Salary: Not provided
Life Science Talent
Expiration Date: Until further notice
Requirements
  • A bachelor's or master's degree within information security, law, technology, business, or another relevant discipline
  • Around 3–5 years of experience within information security, risk management, compliance, or continuity planning
  • A strong process mindset and an ability to build fit-for-purpose security governance
  • Familiarity with cybersecurity regulations and frameworks such as NIS2, GDPR, ISO 27001, or comparable regulatory frameworks
  • Experience working with security policies, control frameworks, risk registers, audits, or compliance documentation
  • The ability to communicate clearly with both technical teams and business stakeholders
  • A pragmatic and proactive mindset, with a strong interest in continuously improving security maturity
Job Responsibility
  • Driving the implementation and execution of information security controls aligned with frameworks and regulations such as ISO 27001, GDPR, NIS2, and relevant IT financial controls
  • Supporting and improving the company’s Information Security Management System
  • Driving risk assessments, control evaluations, and remediation activities
  • Collaborating with business stakeholders to ensure security requirements are built into processes, systems, and ways of working
  • Preparing security reporting, risk summaries, and governance documentation for senior stakeholders
  • Supporting internal audits, external assessments, and compliance activities
  • Strengthening security awareness, training, and the overall security culture across the organisation

Manager Information Security Office (ISO), Enterprise Data

Location: United States, McLean, Virginia
Salary: 197300.00 - 225100.00 USD / Year
Capital One
Expiration Date: Until further notice
Requirements
  • High School Diploma, GED or equivalent certification
  • At least 4 years of experience working in cybersecurity or information technology
  • At least 1 year of experience providing guidance and oversight of Security concepts
  • At least 1 year of experience performing security risk assessments and security architecture reviews
  • At least 1 year of experience with architecture, software design, networking, and cloud infrastructure
Job Responsibility
  • Act as a central Information Security point of contact for Capital One’s Enterprise Data organization
  • Coordinate and execute proactive Information Security consulting to the business and technology teams covering API Security, File Transfer, Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, Datalake Architecture, BI, and consumption tools, and User Access Management
  • Serve as an expert in Capital One’s Information Security capabilities, solutions, policies, procedures and standards
  • Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes
  • Escalate and manage cyber security risk
  • Provide ad hoc support on special Information Security hot topics for the business
  • Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment
  • Work with line of business leadership to anticipate their objectives and needs to better serve the line of business
What we offer
  • Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime

Business Continuity and Information Security Manager

Who we are: NTT DATA is a leading global provider of infrastructure and platform...
Location: Romania, Brasov
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Master’s degree ideally complemented by certifications such as ISO 27001 (ISO 27XXX) and ISO 22301 (ISO 223XX)
  • Minimum 3-5 years of experience in security services, including a minimum of 3 years in information security management
  • Solid hands-on experience in business/service continuity management within security-focused environments (e.g., firewalls, proxies, reverse proxies, load balancers, remote access)
  • Good understanding of network environments such as SD-WAN (e.g., Juniper) is an advantage
  • Experience in risk management, audits, and compliance frameworks, with a strong grasp of regulatory requirements and security policy implementation
  • Experience with ISMS frameworks, including contributing to the development and deployment of security management systems
  • Clear and structured documentation, strong analytical and organisational skills, and the ability to manage complex environments
  • Ability to communicate effectively with both technical and non-technical stakeholders and demonstrate strong interpersonal skills
  • Excellent command of both spoken and written English; French would be considered a plus
Job Responsibility
  • Joining the team responsible for operating the European Commission’s Network Managed Services under the NMS III framework contract
  • Working in a large-scale, multi-site infrastructure environment across Brussels and Luxembourg
  • Managing responsibilities across business continuity, service continuity, and information security management
  • Acting as the main interface between the organisation and the customer for continuity and security-related matters
  • Leading crisis management escalations and supporting effective communication during major incidents
  • Developing, maintaining, and improving business continuity and disaster recovery strategies
  • Defining, testing, and improving continuity and disaster recovery scenarios
  • Ensuring agreed recovery objectives are met and gaps are addressed through continuous improvement
  • Managing continuity-related risks and maintaining clear process documentation
  • Planning and coordinating regular continuity and disaster recovery exercises
What we offer
  • Smooth integration and a supportive mentor
  • Remote, Hybrid or Office work opportunities
  • Different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance – custom-made for you
  • Individual coaching sessions or accredited Coaching School
  • Epic parties or themed events for employees and their families
  • Fulltime