Information Security Manager

EdgeUno is seeking an experienced and proactive **Information Security Manager** to lead the company’s global cybersecurity and information security risk management initiatives. This role will partner closely with IT, Engineering, Operations, and Executive teams to own and mature EdgeUno’s end-to-end **Information Security Program**, ensuring confidentiality, integrity, and availability across our systems, data, and infrastructure.

**Core Responsibilities**

**Information Security Program**&**Leadership**
- Design, execute, and continuously improve EdgeUno’s global Information Security Program aligned with ISO 27001:2022 and industry best practices.
- Serve as the Information Security Officer (ISO) responsible for maintaining our ISO 27001:2022 certification, leading audits, gap analyses, and surveillance processes.
- Define security policies, controls, and guidelines to mitigate risk and ensure corporate policies and regulatory compliance across geographies.
- Lead and mentor the Information Security Team providing support for internal users across all departments and locations.
- Conduce performance review cycles, provide feedback, and help teams develop skills to make sure we have the right person on the right seat.

**Governance, Risk & Compliance**
- Own and operate the Information Security Risk Management Framework including regular risk assessments, control validation, vendor security reviews, and mitigation planning.
- Lead and maintain Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Contingency Planning procedures.
- Collaborate with Legal, Operations, and external consultants to ensure alignment with data privacy laws (e.g., LGPD, GDPR, and LATAM regulations).

**Security Operations & Technical Oversight**
- Manage Security Operations Center (SOC) functions either in-house or with third-party providers, ensuring effective threat detection and incident response.
- Oversee Threat Intelligence, vulnerability management, and offensive security practices including regular penetration testing and red/blue team exercises.
- Support implementation of IAM/PAM policies and tools for access governance and least-privilege enforcement across systems.

**Data Protection & Privacy**
- Define and enforce Data Loss Prevention (DLP) strategies to monitor and protect sensitive data across databases, endpoints, cloud, and SaaS platforms.
- Drive data classification and privacy-by-design principles across systems and development workflows.

**Training & Awareness**
- Develop and run a company-wide Security Awareness Program, ensuring employees understand their roles in cybersecurity and compliance.
- Conduct phishing simulations, internal campaigns, and role-based training to drive security culture across the organization.

**Collaboration & Leadership**
- Partner with stakeholders to ensure alignment between support, device, and security policies.
- Serve as the primary point of contact for all security incidents, regulatory inquiries, and audit responses.
- Regularly report program status, information security risks, and KPIs to executive leadership.

**Requirements**:

- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
- Master’s and relevant certifications (CISSP, CISM, CRISC) strongly preferred.
- **1**0**+ years of experience** in cybersecurity, risk management, or information security roles, including **5**+ years in a**team**leadership capacity**.
- Deep experience with ISO 27001 implementation, certification, and maintenance.
- Knowledge of security and other frameworks such as **NIST** CSF**, **CIS Controls**, **M**ITRE** ATT&CK**, **NIST RMF**, **FAIR**, **OCTAVE**, **COBIT**, and **ITIL**.
- Experience with SOC operations, threat intelligence platforms, SIEMs, SOAR, XDR, EDR, and incident response workflows.
- Familiarity with IAM/PAM systems, vulnerability scanning, DLP tools, and privacy compliance (GDPR/LGPD, etc.).
- Strong understanding of business continuity planning, disaster recovery design, and cloud/hybrid environments.
- Excellent communication skills in **English**; Spanish and/or Portuguese highly desirable.
- Comfortable operating in a hybrid, globally distributed organization.
- Previous experience in **telecom, hosting, datacenter**, or **infrastructure service providers** is a plus

**Nice to Have**
- Experience with telecom or infrastructure service providers.
- Technical background in networks, systems administration, or secure software development.
- Familiarity with security automation platforms.
- Previous exposure to managing third-party risk or working with managed security service providers (MSSPs).

**What We Offer**

At EdgeUno, we offer a competitive compensation package, training and development opportunities, and a collaborative environment where you’ll be part of a technical team committed to operational excellence. We work with purpose
to deliver the infrastructure that powers cloud, gaming, streaming, and ent