Manager, Information Security

At Athena, we empower possibility through transformative delegation. True leaders reflect on what they want in life and map the path to get there. We clear the way by pairing exceptional Philippine-based EAs with our driven clients and ensuring both receive ongoing support throughout the journey. The result is 10x more leverage, more time, and a greater impact on our clients work and lives.

With a waitlist growing by the day, Athena has already showcased compelling demand. As part of the Athena team, you will have an exponential opportunity, empowering the fiercely ambitious to reach the most audacious goals.

Role Overview Our clients are ambitious, high-impact CEOs, founders, and execs. They have started 100+ companies, raised billions in venture capital, taken companies public, worked in the White House, invested in Facebook/Uber/ Airbnb, run professional sports teams, Governor of US states, and compete in Ironman races and the World Series of Poker.

They’ve joined Athena to get more leverage, more impact, more success and more time via their relationship with their top 1% Philippines-based Executive Assistant. They are world-class humans who want to get world-class at delegation.

The InfoSec Manager oversees and manages an organizations information security program including ensuring the confidentiality, integrity, and availability of the organizations information assets

Duties & Responsibilities

High-level Responsibilities

• Develop and Implement Security Policies:

• Design and enforce policies and procedures to protect the organizations information assets.

• Ensure compliance with legal and regulatory requirements related to information security.

• Risk Management:

• Conduct risk assessments to identify potential threats and vulnerabilities.

• Develop strategies to mitigate identified risks and implement security controls.

• Security Awareness and Training:

• Develop and deliver security awareness programs for employees.

• Ensure that staff understand and adhere to security policies and practices.

• Incident Response:

• Lead the incident response team in identifying, responding to, and recovering from security incidents.

• Conduct post-incident analysis to improve future incident response.

• Monitoring and Reporting:

• Implement and manage security monitoring tools to detect and respond to security threats.

• Prepare regular reports on the status of the organizations information security program.

• Collaboration and Communication:

• Work with other departments to ensure security is integrated into all aspects of the organizations operations.

• Communicate security risks and solutions to senior management and other stakeholders.

• Vendor Management:

• Evaluate and manage relationships with third-party vendors to ensure they meet security requirements.

• Conduct security assessments of vendors and service providers.

• Project Management:

• Lead security projects, including the implementation of new security technologies and initiatives.

• Ensure projects are completed on time and within budget.

Specific Responsibilities

• Develop and Implement Security Policies:

• Create, update, and enforce security policies, procedures, and standards.

• Ensure these policies align with industry best practices and regulatory requirements.

• Conduct Risk Assessments:

• Identify potential security risks and vulnerabilities within the organization.

• Perform regular risk assessments and audits to evaluate the effectiveness of existing security measures.

• Develop risk mitigation plans and strategies to address identified risks.

• Manage Security Operations:

• Oversee day-to-day security operations, including monitoring and responding to security incidents.

• Ensure proper configuration and management of security tools (e.g., firewalls, intrusion detection systems, antivirus software).

• Implement and manage security information and event management (SIEM) systems.

• Incident Response:

• Develop, implement, and manage incident response plans.

• Lead the response to security breaches, including containment, eradication, and recovery efforts.

• Conduct post-incident analysis to identify root causes and implement preventive measures.

• Ensure Compliance:

• Ensure the organization complies with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS).

• Prepare for and manage internal and external security audits.

• Maintain documentation required for compliance reporting.

• Security Awareness Training:

• Develop and conduct security awareness training programs for employees.

• Promote a culture of security awareness and educate employees on security best practices.

• Manage Security Technologies:

• Evaluate, select, and implement security technologies and solutions.

• Ensure the maintenance and updating of security systems and infrastructure.

• Monitor and analyze security alerts from various sources to identify potential threats.

• Vendor and Third-Party Management:

• Assess and manage security risks associated with third-party vendors and partners.

• Ensure third-party compliance with the organization’s security policies and standards.

• Conduct security reviews and audits of third-party services.

• Develop and Enforce Access Controls:

• Implement and manage access control policies and procedures.

• Ensure appropriate user access levels and monitor for unauthorized access attempts.

• Conduct regular reviews of user access permissions.

• Maintain Business Continuity and Disaster Recovery Plans:

• Develop and maintain business continuity and disaster recovery plans.

• Ensure these plans include comprehensive information security considerations.

• Conduct regular testing and updates of these plans.

• Performance Metrics and Reporting:

• Develop and monitor key performance indicators (KPIs) for the information security program.

• Provide regular reports to senior management on the status of security initiatives and incidents.

• Use metrics to continuously improve the security posture of the organization.

• Collaborate with IT and Other Departments:

• Work closely with IT and other departments to ensure seamless integration of security measures.

• Collaborate on security aspects of new projects, systems, and applications.

• Ensure security is considered in all aspects of the organization’s operations.

• Stay Updated on Security Trends:

• Keep abreast of the latest security threats, trends, and technologies.

• Participate in professional development activities and industry conferences.

• Apply new knowledge to enhance the organization’s security program.

• Budget Management:

• Develop and manage the information security budget.

• Allocate resources effectively to support security initiatives and projects.

• Ensure cost-effective deployment of security solutions.

Key Stakeholders

Indicate both internal and external stakeholders

Skills

Technical Skills:

• Knowledge of security frameworks (e.g., NIST, ISO 27001).

• Proficiency in security tools and technologies (e.g., SIEM, IDS/IPS, firewalls). Experience with vulnerability management and penetration testing.

Skills:

• Strong knowledge of security technologies, including firewalls, encryption, intrusion detection/prevention systems, and vulnerability management.

• Analytical Skills. Strong analytical and problem-solving abilities to identify and mitigate security threats.

• Strong leadership and project management skills.

• Communication Skills. Ability to communicate complex security concepts to non-technical stakeholders. Good documentation and reporting skills.

Personal Attributes:

• High ethical standards and integrity.

• Ability to work under pressure and manage multiple priorities.

• Strong attention to detail and a commitment to continuous improvement.

Competencies Technical Expertise:

• Deep Knowledge of Information Security:

• Comprehensive understanding of cybersecurity principles, practices, and technologies.

• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).

• Experience with Security Tools and Technologies:

• Proficiency with various security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM systems, and encryption technologies.

Risk Management Skills:

• Ability to identify, assess, and prioritize security risks.

• Experience in developing and implementing risk mitigation strategies.

• Incident Response Proficiency:

• Expertise in incident response planning, execution, and post-incident analysis.

• Ability to lead and manage a security incident response team.

• Leadership Skills

Strategic Thinking:

• Ability to develop and implement long-term security strategies that align with organizational goals.

• Forward-thinking to anticipate future security trends and threats.

Team Management:

• Strong leadership skills to manage, mentor, and motivate the security team.

• Ability to foster a collaborative and supportive team environment.

Decision-Making Ability:

• Capability to make informed and timely decisions during security incidents and under pressure.

• Balance between taking calculated risks and ensuring robust security measures.

• Communication Skills

Effective Communication:

• Ability to communicate complex security concepts to non-technical stakeholders in a clear and concise manner.

• Strong written communication skills for creating policies, reports, and documentation.

Interpersonal Skills:

• Ability to work with diverse teams and build strong relationships across the organization.

• Persuasive skills to advocate for necessary security measures and resources.

• Personal Qualities

Integrity and Trustworthiness:

• High ethical standards and a commitment to maintaining the confidentiality, integrity, and availability of information.

• Trusted by colleagues and senior management.

Attention to Detail:

• Meticulous approach to identifying vulnerabilities and ensuring compliance with security policies.

• Thorough in conducting risk assessments and audits.

Problem-Solving Skills:

• Creative and analytical thinking to develop effective solutions for security challenges.

• Resilience and persistence in addressing complex security issues.

Adaptability:

• Flexibility to adapt to rapidly changing security threats and technological advancements.

• Openness to continuous learning and professional development.

Proactive Attitude:

• Initiative to stay ahead of potential security threats through proactive measures.

• Continuous improvement mindset to enhance the organization’s security posture.

Resilience Under Pressure:

• Ability to remain calm and effective during security incidents and high-stress situations.

• Strong crisis management skills to lead the organization through security emergencies.

Relevant Experience Required

• Several years of experience in information security, with a proven track record in managing security programs.

• Experience in risk management, incident response, and security policy development.

Educational and Certification Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field.

• Professional certifications such as CISSP, CISM, or equivalent or CompTIA Security+ are often preferred.

Direct Reports and Span of Control

• This role will be responsible for 2 InfoSec Analysts.

Equal Opportunity Employer: At Athena, we are deeply committed to fostering an inclusive and diverse workplace environment. We believe that diversity enriches our organization, enhances creativity, and drives innovation. We are dedicated to providing equal employment opportunities to all individuals regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other characteristic protected by applicable laws. We strive to create an environment where everyone feels valued, respected, and empowered to contribute their unique perspectives and talents. We actively promote diversity and inclusion through our hiring practices, employee development initiatives, and company culture, recognizing that it is essential for our success as a company and as a community.