Infosec Engineer (M&A)

Key Responsibilities

• Develop and implement comprehensive cyber security strategies aligned with industry best practices and frameworks, including NIST CSF, CIS, MITRE ATT&CK, and the Cyber Kill Chain.
• Provide leadership in network security, cloud security, vulnerability management, incident response, application security, and IoT security, ensuring all functions operate effectively and efficiently.
• Oversee the deployment and management of security technologies such as SIEM/SOAR, EDR/XDR, IDS/IPS, NAC, email gateways, Active Directory, DAST/SAST, WAF, firewalls, and vulnerability management tools.
• Collaborate with IT and business units to identify and mitigate security risks, ensuring compliance with security policies and standards.
• Drive the development of cyber security policies, standards, and procedures, ensuring they are well-communicated and adhered to across the organization.
• Stay current with emerging cyber threats and vulnerabilities, providing insights and recommendations to enhance the security posture.
• Manage and analyze security metrics, producing reports to inform leadership on the state of the organization's security.
• Lead a team of cyber security professionals, fostering a collaborative and high-performance culture.
• Build strong relationships with internal and external stakeholders, including IT, M&A, business units, and third-party vendors, to ensure cohesive security practices.
• Communicate effectively with senior management, providing clear and concise updates on security initiatives, risks, and strategies.
• Advocate for security best practices throughout the organization, driving awareness and engagement at all levels.

Requirements

• Strong hands-on experience in design, deploying and managing Network security, IAM suite of technology solutions/ services, PKI services, Data Security solutions, Product/Application security solutions, SOC solutions and tools, 3rd party risk management.
• Strong hands-on experience conducting PEN testing, red/ purple team exercises, tabletop simulations, PEN testing, IR and vulnerability management across IT domains and business where appropriate.
• Strong knowledge of Microsoft, Linux, Apple, AWS, Storage (NetApp and Pure), Azure and GCP.
• Experience in implementing and enforcing security services and control (shift-left) across Infrastructure as a Code, Configuration management, DevOps and other automation capabilities is desired.
• Proven experience leading a global cybersecurity engineering and operations team, managing both people and technology

Experience:

• Should have relevant experience of at least 10-15 years.