+ Lead, define and execute the organization's information security strategy, policies, and governance frameworks.
+ Participate and provide regular updates in executive meetings and security-related board discussions.
+ Evaluate and recommend new security technologies, processes, and solutions.
Risk Management & Compliance
+ Oversee risk assessments, security audits, and penetration testing activities.
+ Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
+ Develop and maintain risk registers, ensuring timely mitigation and remediation actions.
Incident Response & Threat Management
+ Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
+ Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
+ Monitor the threat landscape and ensure proactive measures against potential attacks.
Security Operations Oversight
+ Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
+ Oversee access control, data protection, and identity management programs.
+ Collaborate with Project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
+ Liaise with external vendors for source code scanning, penetration testing, vulnerability assessment and other security testing.
+ Work with QA teams to test for vulnerabilities in projects.
+ Conduct security audits and reviews for projects.
+ Recommend solutions to fix security issues.
Awareness & Training
+ Drive organization-wide security awareness programs and phishing simulations.
+ Provide guidance and mentorship to security and IT staff.
+ Promote a culture of security across business units.
Prerequisites:
Educational & Professional Qualifications:
+ Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
+ Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.
Experience & Skills:
+ Proven experience managing ISO 27001-based security management frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
+ Experience with cloud security (AWS, Azure, GCP), network security, and application security.
+ Demonstrated experience in incident response, threat intelligence, and security governance.
+ Proven experience in application and system vulnerability assessments.
+ Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
+ Familiarity with security tools and testing frameworks.
+ Strong understanding of cybersecurity principles and best practices.
+ Experience conducting security audits and reviews for various projects.
+ Ability to analyze security issues and recommend effective solutions.
+ Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
+ Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.
+ Strong problem-solving skills and attention to detail.
+ Ability to work collaboratively in a project environment.
+ Up-to-date knowledge of emerging security threats and technology trends.
+ Good documentation and report-writing skills.