Head of Information Security

Job Title:

Location:

Department:

Job Summary:

Key Responsibilities:

1. Strategic Leadership:

• Develop and implement a comprehensive information security strategy and program.
• Align the security strategy with business goals and objectives.
• Advise senior management on information security risks and mitigation strategies.

1. Risk Management:

• Identify, assess, and prioritize information security risks.
• Develop and maintain risk management frameworks and processes.
• Conduct regular security risk assessments and audits.

1. Policy and Compliance:

• Develop, implement, and maintain security policies, standards, and procedures.
• Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, CCPA, ISO/IEC 27001,SOC 2).
• Coordinate security-related audits and assessments.

1. Incident Management:

• Develop and implement an incident response plan.
• Lead the response to security incidents and breaches.
• Conduct post-incident analysis and reporting.

1. Security Operations:

• Oversee the implementation and management of security technologies (e.g., firewalls, IDS/IPS, SIEM).
• Monitor security events and respond to alerts.
• Conduct vulnerability assessments and penetration testing.

1. Training and Awareness:

• Develop and deliver security training programs for employees.
• Promote security awareness across the organization.
• Ensure employees understand and adhere to security policies and procedures.

1. Collaboration and Communication:

• Work closely with IT, Legal, HR, and other departments to ensure integrated security efforts.
• Communicate security risks and strategies to stakeholders.
• Represent the company in security-related forums and committees.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field. Master’s degree preferred.
• Professional certifications such as CISSP, CISM, or CISA.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Strong knowledge of information security management frameworks (e.g., ISO/IEC 27001, NIST, SOC2).
• Experience with security technologies and tools.
• Excellent leadership, communication, and interpersonal skills.
• Ability to think strategically and manage multiple projects simultaneously.
• Strong analytical and problem-solving skills