Information Security Manager

DUG is looking for an Information Security Manager to join our global team. In this role, you'll take ownership of our cybersecurity posture, shaping policies, monitoring for threats, and implementing best practices to protect our data, systems, and users.
We operate primarily in a Linux-based environment, so a strong foundation in Linux security is essential.
You will work closely with our IT, software, and HPC teams to ensure security is integrated into every layer of our operations.

You will also facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

If you're a security-minded professional who loves staying ahead of cyber threats, designing secure systems, and creating awareness across an organisation, we want to hear from you.

List of Responsibilities:

• Ongoing leadership and review of IT security. Ensure the alignment of cyber security and business objectives within DUG.
• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications
• Take ownership of ISO 27001 implementation, compliance, and continual improvement
• Operate, conduct, and maintain DUG's SIEM platform (Wazuh) and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures
• Own and manage the patching and vulnerability scanning process, including the use of tools such as OpenVAS or Nessus (preferred)
• Serve as the DUG point person for third-party security audit(s)
• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams
• Work with DUG HPC Cloud customers and DUG teams on security integration
• Provide strategic-level guidance for DUG's cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG
• Contribute to the development and maintenance of DUG's business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes
• Report on the DUG's security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments
• Oversee DUG's response to cyber security incidents, including how internal teams respond and communicate with each other during an incident
• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

Job Requirements:

• Minimum of 10 years of experience in Information Systems and/or Security Management roles
• Solid understanding of information security principles and frameworks such as ISO 27001, NIST, and industry best practices
• Strong hands-on experience securing Linux-based systems and environments
• Familiarity with threat detection, vulnerability management, and incident response
• Proficient knowledge of firewalls, intrusion detection/prevention systems, and endpoint protection tools
• Proven ability to develop, implement, and enforce effective security policies and procedures
• Excellent communication skills, including the ability to lead and deliver security training and awareness programs

The following experience is desirable, but not mandatory:

• Experience with CI/CD pipelines, Terraform, DevSecOps, and Kubernetes
• Familiarity with Palo Alto or other Next-Generation Firewalls (NGFWs)

DISCLAIMER
The offer is subjected to pre-employment screenings that may include, but are not limited to:

• Verification of your right to work in the respective location
• Provision of applicable and relevant qualifications
• Nationally approved criminal history check