Information Security Manager

**About the company**:
VOSS develops a range of products that are used by the world’s largest communications service providers and enterprises. These market-leading tools are paired with professional services to help our customers achieve the most from their digital workplace platform. We operate in a very dynamic industry and leverage the latest technologies to keep our software at the forefront of the market.

VOSS is a global team with offices in Cape Town, Dallas, London, and Sydney. Our engineers are encouraged to travel and work directly with our customers to gain real-world experience. Read more about VOSS and what we do, on our website.

**Purpose of the position**:
VOSS has acquired access to a number of technological solutions in response to market demands and provides software services to global managed service providers, large enterprises, either directly or through partner and reseller channels. One of VOSS’s strategic objectives is to transition from customer-hosted, on-premise solutions to VOSS cloud-hosted solutions.

As regulatory and cyber security requirements have become a permanent standard, and the continuous evolution of these requirements must be considered and incorporated within our business processes and procedures, VOSS is committed to evolve, improve and mature its information security practices and has an objective of aligning and certifying with ISO27001 or SOC2, whilst tactically also complying with various customer requirements pertaining to information and data security.

The Information Security Manager will be responsible for reviewing the existing status and what has been set up to date and then working with the current team that is involved in the initiative to develop, implement and then manage our Information Security Program (ISP). This role requires a strong project management background, an understanding of software development processes and a comprehensive knowledge of information security best practices, specifically related to cloud-hosted services.

The Information Security Manager will be expected to take ownership of internal and external programs and will collaborate with cross-functional teams to identify risks, implement security measures whilst ensuring compliance with relevant industry standards and regulations. All information and data security related requests received from customers will be owned and managed by the Information Security Manager, who will take lead in the analysis, data collection and collaboration, preparation and responses to such requests.

They will also be responsible for monitoring, investigating, and responding to security incidents, as well as providing guidance and training to employees regarding information security protocols and processes.

**What we are looking for**:
The Information Security Manager will act as the Data Protection Officer (DPO) and should display the ability to manage critical escalations as part of the response procedures during an information or data breach incident.

Importantly, the Information Security Manager will need to be commercially mature to ensure we get a sensible balance between a high enough level of the implemented level of security to meet the market demands and not embarking in a direction to try to deliver an all embracing, perfect outcome.

**Key Characteristics and Proven Experience**:

- Proven success in a similar role.
- A strong customer centric and pragmatic approach.
- Excellent, proven problem solving skills.
- A strong commercial approach and the ability to budget and track both costs and benefits
- Great attention to detail.
- Proven ability to get things done - be very outcome focussed in their approach whilst measuring progress and success.
- Experience working collaboratively with executives and teams in a matrix style environment, with the ability to influence, lead and guide executives and teams on information and data security related topics.
- Strong leadership abilities, with a track record of driving change and building a culture of security awareness.
- Proficient knowledge of data security best practices, industry standards, and frameworks (e.g. ISO 27001, SOC 2).
- Highly regarded communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders, both internally and externally.
- Familiarity with privacy regulations (e.g., GDPR, CCPA) and experience in ensuring compliance.
- Strong project and program management skills with a proven ability of delivering complex programs spanned across cross-functional teams within a distributed workforce.
- Experience managing programs for certification with ISO 27001 or SOC 2.
- Strong understanding of software development processes, as well as processes related to the wider business, including a good understanding on the concepts and implementation requirements related to the technical and operational measures required to ensure compliance (including secure codi