Information Security Lead

Role & responsibilities

• Serve as the primary expert for all IT security matters, including cloud, on-premises infrastructure, identity, and access management.
• Lead the design and implementation of security architecture from the ground up.
• Act as the go-to authority for internal and external security topics, jointly accountable for the organizations security posture.
• Establish strong governance, robust controls, and best-practice security frameworks to ensure a highly secure IT environment.

Identity & Access Management

• Assess and redesign Active Directory structures, AD Groups, and access control policies.
• Define, improve, and enforce identity, user access, and privilege management policies.
• Secure and oversee all administrative access across systems and cloud platforms.

Security Architecture & Implementation

• Design security policies, architectures, and controls, ensuring hands-on implementation.
• Collaborate with internal teams to remediate vulnerabilities and security gaps.
• Build security baselines for cloud operations and ensure best-practice deployment models.

SOC, Monitoring & Incident Response

• Govern and interface with SOC/SIEM providers (e.g., MDR solutions).
• Establish or optimize incident management processes and implement appropriate tooling.
• Create operational procedures and documentation as required.

Tools, Automation & Application Onboarding

• Design and manage security tools for compliance, monitoring, and onboarding.
• Develop secure onboarding processes for enterprise/IT applications aligned with strong security principles.
• Implement third-party security assessment workflows/tools for IT/OT vendor onboarding.

Compliance, Governance & Standards

• Drive the roadmap for NIS2 and ISO 27001 compliance in collaboration with internal teams and external consultants.
• Set and govern security policies, standards, and best-practice frameworks.
• Conduct internal and external compliance workshops.

Stakeholder Management & Leadership

• Present security proposals, plans, and risk assessments to senior management.
• Collaborate with internal product cybersecurity teams and external partners.
• Represent IT security internally and externally, including customer-facing security posture discussions.
• Drive and communicate multiple security initiatives across the organization.