Digital Solutions - Information Security Governance & Communications Manager

CACI Ltd

Greater London

On-site

GBP 60,000 - 100,000

Full time

Yesterday

Job summary

Join a forward-thinking company as an Information Security Governance & Communications Manager, where you will play a crucial role in enhancing security awareness and compliance across various applications. This position offers the opportunity to lead security audits, manage communication with stakeholders, and ensure adherence to industry standards like GDPR and ISO 27001. With a focus on proactive security management and collaboration with technical teams, you will drive improvements in security posture and effectively communicate risks and remediation efforts. If you are passionate about information security and thrive in dynamic environments, this role is perfect for you.

Qualifications

  • 5-7 years in information security, with at least 3 years in application security.
  • Experience managing security across large application portfolios.

Responsibilities

  • Ensure applications adhere to security policies and standards.
  • Communicate security risks and prepare reports for senior management.

Skills

Information Security Management
Risk Assessment
Vulnerability Management
Stakeholder Communication
Application Security
Compliance Standards (NIST, ISO 27001, GDPR)
Leadership
Cyber Security Best Practices

Education

Bachelor's Degree in Information Security or related field

Job description

Digital Solutions - Information Security Governance & Communications Manager

24 October 2024

Who we are:

There has never been a more exciting time to join the Digital Solutions business unit at CACI LTD. CACI helps clients transform their businesses using data and technology to meet current and future challenges.

Essential Duties and Responsibilities:

We are seeking a highly skilled Information Security Governance & Communications Manager to join our team. The role involves improving the security posture and awareness within our client’s organization, overseeing cyber security aspects including risk assessments, vulnerability management, and integrating security best practices into the software development lifecycle. The candidate will collaborate with the Information Security Team to ensure application compliance with industry standards and regulations.

A key part of the role is managing communication and reporting functions, providing regular updates to senior management, stakeholders, users, and development teams regarding security risks, remediation efforts, and security posture. The officer will also lead security audits and assessments and work with cross-functional teams to implement improvements.

Key Responsibilities:

  1. Application Security Management
    • Ensure applications adhere to security policies and standards, complying with industry regulations and internal policies.
    • Support security assessments, including vulnerability testing, penetration testing, and risk assessments.
    • Collaborate with technical teams to incorporate security into the SDLC, including secure coding, testing, and threat modeling.
    • Monitor and manage security incidents related to applications, ensuring prompt resolution.
    • Align application security controls with standards such as GDPR, ISO 27001, PCI DSS, etc.
  2. Stakeholder Communication & Reporting
    • Communicate security risks, vulnerabilities, and remediation efforts to relevant stakeholders.
    • Prepare and present security reports to senior management, highlighting security status, risks, and compliance.
    • Act as a liaison between security teams and application stakeholders to ensure alignment.
    • Manage relationships with third-party vendors, ensuring security standards are met.
    • Coordinate with auditors, review audit reports, and track audit findings.
    • Participate in the Quality and Security forum and promote awareness within the organization.
    • Enforce security policies and procedures, and communicate security requirements effectively.
    • Assist with supplier and customer due diligence activities.
    • Continuously evaluate and improve security policies and practices.

Additional requirements include attention to detail, experience with ISO standards, managing confidential information, working under pressure, excellent communication skills, and a proactive approach to security management.

Experience:

  • 5-7 years in information security, with at least 3 years in application security.
  • Proven experience managing security across large application portfolios.
  • Familiarity with security frameworks and compliance standards such as NIST, ISO 27001, GDPR, PCI-DSS.
  • Strong leadership skills and experience managing security projects and teams.