Lead, define and execute the organization's information security strategy, policies, and governance frameworks.
Participate and provide regular updates in executive meetings and security-related board discussions.
Evaluate and recommend new security technologies, processes, and solutions.
Risk Management & Compliance
Oversee risk assessments, security audits, and penetration testing activities.
Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
Develop and maintain risk registers, ensuring timely mitigation and remediation actions.
Incident Response & Threat Management
Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
Monitor the threat landscape and ensure proactive measures against potential attacks.
Security Operations Oversight
Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
Oversee access control, data protection, and identity management programs.
Collaborate with project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
Liaise with external vendors for source code scanning, penetration testing, vulnerability assessment, and security testing.
Work with QA teams to test for vulnerabilities in projects.
Conduct security audits and reviews for projects.
Recommend solutions to fix security issues.
Awareness & Training
Drive organization-wide security awareness programs and phishing simulations.
Provide guidance and mentorship to security and IT staff.
Promote a culture of security across business units.
Requirements
Educational & Professional Qualifications:
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.
Experience & Skills:
Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
Experience with cloud security (AWS, Azure, GCP), network security, and application security.
Demonstrated experience in incident response, threat intelligence, and security governance.
Proven experience in application and system vulnerability assessments.
Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
Familiarity with security tools and testing frameworks.
Strong understanding of cybersecurity principles and best practices.
Experience conducting security audits and reviews for various projects.
Ability to analyze security issues and recommend effective solutions.
Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.