Information Security Manager

Job description

EdgeUno is seeking an experienced and proactive Information Security Manager to lead the company's global cybersecurity and information security risk management initiatives.

This role will partner closely with IT, Engineering, Operations, and Executive teams to own and mature EdgeUno's end-to-end Information Security Program, ensuring confidentiality, integrity, and availability across our systems, data, and infrastructure.

The ideal candidate brings a strategic mindset, deep technical understanding, and hands-on experience with standards such as ISO 27001:2022, as well as frameworks including NIST CSF, CIS Controls, MITRE ATT&CK, NIST RMF, FAIR, OCTAVE, COBIT, and ITIL.

This person will lead key areas such as threat intelligence, data loss prevention (DLP), privacy, identity and access management (IAM), security operations (SOC), incident response, business continuity, and security awareness.

Core Responsibilities

Information Security Program & Leadership

• Design, execute, and continuously improve EdgeUno's global Information Security Program aligned with ISO 27001:2022 and industry best practices.
  
  

• Serve as the Information Security Officer (ISO) responsible for maintaining our ISO 27001:2022 certification, leading audits, gap analyses, and surveillance processes.
  
  

• Define security policies, controls, and guidelines to mitigate risk and ensure corporate policies and regulatory compliance across geographies.
  
  

• Lead and mentor the Information Security Team providing support for internal users across all departments and locations.
  
  

• Conduce performance review cycles, provide feedback, and help teams develop skills to make sure we have the right person on the right seat.
  
  

Governance, Risk & Compliance

• Own and operate the Information Security Risk Management Framework including regular risk assessments, control validation, vendor security reviews, and mitigation planning.
  
  

• Lead and maintain Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Contingency Planning procedures.
  
  

• Collaborate with Legal, Operations, and external consultants to ensure alignment with data privacy laws (e.g., LGPD, GDPR, and LATAM regulations).
  
  

Security Operations & Technical Oversight

• Manage Security Operations Center (SOC) functions either in-house or with third-party providers, ensuring effective threat detection and incident response.
  
  

• Oversee Threat Intelligence, vulnerability management, and offensive security practices including regular penetration testing and red/blue team exercises.
  
  

• Support implementation of IAM/PAM policies and tools for access governance and least-privilege enforcement across systems.
  
  

Data Protection & Privacy

• Define and enforce Data Loss Prevention (DLP) strategies to monitor and protect sensitive data across databases, endpoints, cloud, and SaaS platforms.
  
  

• Drive data classification and privacy-by-design principles across systems and development workflows.
  
  

Training & Awareness

• Develop and run a company-wide Security Awareness Program, ensuring employees understand their roles in cybersecurity and compliance.
  
  

• Conduct phishing simulations, internal campaigns, and role-based training to drive security culture across the organization.
  
  

Collaboration & Leadership

• Partner with stakeholders to ensure alignment between support, device, and security policies.
  
  

• Serve as the primary point of contact for all security incidents, regulatory inquiries, and audit responses.
  
  

• Regularly report program status, information security risks, and KPIs to executive leadership.
  
  

Requirements

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
  
  

• Master's and relevant certifications (CISSP, CISM, CRISC) strongly preferred.
  
  

• 10+ years of experience in cybersecurity, risk management, or information security roles, including 5+ years in a team leadership capacity.
  
  

• Deep experience with ISO 27001 implementation, certification, and maintenance.
  
  

• Knowledge of security and other frameworks such as NIST CSF, CIS Controls, MITRE ATT&CK, NIST RMF, FAIR, OCTAVE, COBIT, and ITIL.
  
  

• Experience with SOC operations, threat intelligence platforms, SIEMs, SOAR, XDR, EDR, and incident response workflows.
  
  

• Familiarity with IAM/PAM systems, vulnerability scanning, DLP tools, and privacy compliance (GDPR/LGPD, etc.).
  
  

• Strong understanding of business continuity planning, disaster recovery design, and cloud/hybrid environments.
  
  

• Excellent communication skills in English; Spanish and/or Portuguese highly desirable.
  
  

• Comfortable operating in a hybrid, globally distributed organization.
  
  

• Previous experience in telecom, hosting, datacenter, or infrastructure service providers is a plus

Nice to Have

• Experience with telecom or infrastructure service providers.
  
  

• Technical background in networks, systems administration, or secure software development.
  
  

• Familiarity with security automation platforms.
  
  

• Previous exposure to managing third-party risk or working with managed security service providers (MSSPs).
  
  

What We Offer

At EdgeUno, we offer a competitive compensation package, training and development opportunities, and a collaborative environment where you'll be part of a technical team committed to operational excellence.

We work with purpose
to deliver the infrastructure that powers cloud, gaming, streaming, and enterprise expansion in Latin America.

Come build the backbone of the internet with us.

Note: Please submit your resume in English.

Resumes in other languages may not be considered

Required Skill Profession

Other General