Security Lead

Key Responsibilities:

Security Strategy & Governance:

• Develop, implement, and maintain security policies, procedures, and controls.
• Support the CISO in building a comprehensive security program aligned with business goals.
• Ensure compliance with standards such as ISO 27001, NIST, GDPR, and relevant local regulations.

Threat & Vulnerability Management:

• Identify, assess, and mitigate security risks across networks, systems, applications, and cloud environments.
• Lead vulnerability assessments, penetration testing, and security audits.
• Monitor threat intelligence feeds and respond to emerging threats.

Incident Response & Investigation:

• Lead incident response efforts, including containment, root cause analysis, and remediation.
• Develop and maintain an incident response plan and conduct regular tabletop exercises.
• Document incidents and report findings to management and regulatory bodies when needed.

Team Leadership & Collaboration:

• Supervise security analysts/engineers and coordinate with cross-functional IT and business teams.
• Mentor junior team members and promote a culture of security awareness.
• Work with infrastructure, application, and network teams to integrate security best practices.

Tools & Technology Management:

• Manage and optimize security tools such as SIEM, DLP, EDR, firewalls, and IAM solutions.
• Evaluate and onboard new security technologies and services as required.

Training & Awareness:

• Drive company-wide security awareness and training initiatives.
• Educate staff on phishing, social engineering, password hygiene, and data protection.

Key Requirements:

• Education:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Master's degree or MBA in Information Security or IT Management is a plus.

• Certifications (preferred):

• CISSP, CISM, CEH, OSCP, ISO 27001 LA, or similar.

• Experience:

• 610 years of experience in information security, with at least 23 years in a lead or managerial role.

• Skills:

• Deep understanding of cybersecurity frameworks and principles
• Experience with security monitoring, forensics, and incident response
• Knowledge of secure software development (DevSecOps), cloud security (AWS, Azure), and network security
• Strong communication, leadership, and stakeholder management skills
• Ability to handle pressure in fast-paced environments