IT Information Security Manager

Strong knowledge of information security frameworks (e.g., NIST, ISO 27001, SOC 2) and cybersecurity best practices. Proven track record of developing and managing effective security programs in a dynamic environment. Experience with risk assessment methodologies and GRC platforms. Excellent leadership, strategic thinking, analytical, and problem-solving skills. Superior communication (written and verbal), negotiation, and interpersonal skills. Demonstrated ability to manage crisis situations and lead incident response effectively. Relevant certifications such as CISSP, CISM, or CompTIA Security+ are highly desirable. Deep expertise in global data privacy regulations (e.g., GDPR, CCPA, LGPD) and experience implementing robust privacy programs. Familiarity with the e-commerce, retail technology, or advertising technology ecosystem is a significant plus. Bachelor's degree in Computer Science, Information Security, or a related field. 7+ years of progressive experience in information security. At least 3-5 years in a management or leadership role.

Manage the team responsible for ensuring the security of the organization's systems and information assets. Oversee the development and implementation of security systems, guidelines, and strategies. Implement processes and procedures to protect the organization against unauthorized access, use, disclosure, disruption, modification, and/or destruction. Conduct and review audits and risk assessments. Oversee the migration of non-compliant environments to compliant environments. Ensure compliance with data protection guidelines and applicable laws. Develop, implement, and maintain a robust corporate compliance program. Define, establish, and continuously improve SmartCommerce's information security strategy, policies, and procedures. Lead risk assessments and develop mitigation strategies. Oversee the development and delivery of comprehensive compliance and security training programs. Manage and respond to internal and external audits. Stay abreast of evolving regulatory landscapes, industry best practices, and emerging threats. Develop and manage incident response plans for security breaches and compliance violations. Collaborate closely with relevant departments to ensure 'privacy by design' and 'security by design' principles. Oversee third-party vendor risk management programs. Establish and manage relevant certifications and compliance frameworks. Prepare and present regular reports on compliance and security posture. Lead, mentor, and potentially build a team of compliance and security professionals. Manage non-platform infrastructure, including user technical support, access requests, terminations, etc.