Job Description

Key Responsibilities

Develop, implement, and manage the organization's

information security strategy, policies, and procedures

. Lead the design and enforcement of

security controls

to protect systems, networks, and data from cyber threats. Manage a team of security professionals, providing

technical guidance, mentoring, and performance management

. Oversee

risk assessments, vulnerability management, penetration testing, and incident response

. Ensure compliance with

regulatory requirements, industry standards, and frameworks

(e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA). Collaborate with IT, DevOps, and business teams to embed security into

application development and infrastructure design

. Manage

security operations center (SOC) activities

, including monitoring, threat detection, and escalation. Define, track, and report

security KPIs and risk metrics

to senior leadership. Evaluate, select, and implement

security tools and technologies

to strengthen organizational defenses. Lead security awareness and training programs to promote a

strong security culture

.

Required Technical Skills (Tough Skills)

Cybersecurity & Risk Management

: Strong knowledge of

threat modeling, risk assessment methodologies, incident response frameworks

, and

business continuity planning

.

Security Technologies

: Hands-on expertise with

firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB

.

Cloud Security

: Proficiency in securing workloads on

AWS, Azure, and GCP

, including

IAM, KMS, Cloud Security Posture Management (CSPM)

.

Application & Network Security

: Experience in

secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys)

.

Cryptography & Data Protection

: Understanding of

PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking

.

Governance, Risk & Compliance (GRC)

: Familiarity with

ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS

frameworks.

Incident Response & Forensics

: Ability to manage

SIEM alerts, digital forensics, malware analysis

, and lead response teams during breaches.

Scripting & Automation

: Knowledge of

Python, PowerShell, or Bash

for automating security operations and log analysis.

Good to Have

Security certifications such as

CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor

. Experience in

Zero Trust Architecture

and

container security (Docker, Kubernetes)

. * Knowledge of

threat intelligence platforms and SOC automation (SOAR)

.