Experience: 8–10 Years
Role: Full Time
We are looking for an experienced IT Security Lead to strengthen our cybersecurity posture and lead security operations across group entities. This role is ideal for a hands-on security professional who can balance operational leadership, incident response, and governance, while working closely with the CISO, IT teams, and business stakeholders.
Key Responsibilities
1. Operational Leadership
* Lead and coordinate daily IT security operations across all group entities.
* Manage a small team of security analysts/engineers, ensuring continuous monitoring, alert management, and timely incident response.
* Serve as the main point of contact for security operations between internal teams and the CISO.
* Lead efforts to automate security operations using SOAR platforms and scripting (e.g., Python, PowerShell) to improve efficiency and response times.
* Oversee cloud security operations for hybrid or multi-cloud environments, ensuring consistent monitoring and protection.
* Maintain operational alignment with the IT Service Management framework and change management processes.
2. Incident Response & Threat Management
* Oversee the identification, triage, investigation, and resolution of security incidents.
* Coordinate incident response activities, including communication, escalation, and post-incident reviews.
* Monitor threat intelligence feeds and proactively implement measures to mitigate emerging risks.
* Maintain the Incident Response Plan (IRP) and coordinate simulation exercises (tabletop tests).
* Stay ahead of emerging threats including AI-driven attacks, ransomware, and supply chain vulnerabilities.
* Provide timely reporting of incidents to management and regulators, as required.
3. Vulnerability & Patch Management
* Manage the vulnerability management lifecycle, including scanning, prioritization, remediation tracking, and reporting.
* Collaborate with infrastructure and application teams to ensure timely patching and hardening of systems.
* Include third-party and supply chain risk assessments as part of the vulnerability lifecycle.
* Ensure cloud-native services are included in patching and hardening efforts.
4. Security Tools & Infrastructure
* Administer and optimize security tools (e.g., SIEM, endpoint protection, email security, firewalls, DLP).
* Evaluate and implement new security technologies to address evolving threats and improve detection capabilities.
* Ensure integration between security tools and IT infrastructure for unified monitoring and incident tracking.
5. Collaboration with IT & Business Functions
* Work closely with the Infrastructure and Applications teams to ensure Group security standards are followed in IT and business projects.
* Act as a security advisor in IT and business projects, ensuring alignment with Group security standards and regulatory requirements.
* Participate in project reviews, risk assessments, and solution designs to integrate appropriate security controls early in the lifecycle (“security by design”).
* Support fraud prevention and detection initiatives through data analytics and security monitoring.
* Collaborate with legal and compliance teams to ensure data privacy regulations (e.g., GDPR) are embedded in project designs.
6. Compliance & Governance Alignment
* Work in close coordination with the CISO to implement the security governance framework, policies, and procedures.
* Ensure compliance with FSC & BOM guidelines, DPA, and ISO 27001 standards.
* Support internal and external audits, penetration tests, and regulatory reviews.
* Maintain security metrics and prepare periodic reports on the Group’s operational security posture.
* Maintain oversight of third-party risk assessments, vendor security reviews, and integration of supply chain risk into the security program.
7. Awareness & Collaboration
* Support user awareness initiatives and promote a security-first culture within the Group.
* Collaborate with IT, Risk, and Compliance teams to ensure security integration in business processes and new initiatives.
* Provide technical coaching and mentorship to junior security staff.
Qualifications & Experience
* Bachelor's degree in Information Security, Computer Science, or a related field.
* Minimum 8–10 years of experience in IT or Cybersecurity, including at least 3 years in a security operations or technical leadership role.
* Strong hands-on experience with security monitoring tools (e.g., SIEM, EDR, XDR, IDS/IPS, Firewalls).
* In-depth understanding of incident response processes, network security, and vulnerability management.
* Familiarity with frameworks such as ISO 27001, NIST, and CIS Controls.

