Security Manager, Creative

This is a fully remote position, open to applicants in India.

📋 Description

• Take charge of information security for client solutions and Practice Area technology, collaborating with key stakeholders to deliver secure products and services for clients, encompassing both on-premises and cloud infrastructure components.

• Integrate security controls, patterns, and tools into product and solution teams at every stage of the secure development lifecycle (SDLC), with a strong emphasis on shift-left methodologies.

• Manage security assurance for products and solutions, assessing the implementation and effectiveness of security controls.

• Identify, evaluate, and manage security vulnerabilities, weaknesses, and risks from various sources (e.g. security testing, threat intelligence, and audits), ensuring appropriate responses and management of these issues (e.g. treatment plans, remediation actions, and risk acceptance where applicable).

• Lead the delivery of pertinent global security and transformation initiatives within the Practice Area, ensuring successful execution and alignment with Practice Area priorities and client needs.

• Provide incident support to Cyber Operations within the Practice Area, serving as a security subject matter expert (SME) for the business division and assisting in investigations.

• Assist with client security requests, which may include (but are not limited to) RFIs, audits, and security questionnaires.

⛳️ Requirements

• Relevant security certifications or equivalent experience, such as CISSP, CISM (or similar).

• Proven experience in product/application security, including familiarity with common security issues such as the OWASP top 10.

• Experience working with various security frameworks (e.g. ISO 27001, NIST CSF, SOC2).

• Demonstrated proficiency in security risk assessments for technical products and solutions, including the capability to support the design, development, and implementation of suitable security controls.

• Solid understanding of modern technologies, architectures, and engineering practices, including cloud-native patterns, APIs, CI/CD, and DevOps methodologies.

• Comprehensive knowledge of core security domains and principles, such as secure design.

• Strong knowledge of the SDLC with practical experience in integrating security early (“shift left”) through patterns, controls, tooling, and consultancy.

• Exceptional stakeholder management and interpersonal skills, capable of influencing and communicating effectively with both technical and non-technical audiences.

• Excellent written and verbal communication skills, capable of producing clear security guidance, risk briefs, and assurance outcomes.

• Experience working in a matrixed organization, aligning and delivering outcomes across multiple teams, priorities, and stakeholders. Comfortable managing uncertainty, ambiguity, and change, and making sound decisions and recommendations even with incomplete information.

🏝️ Benefits

• Health insurance

• Professional development opportunities