VP/AVP - Information Security

12 - 20 years

30.0 - 40.0 Lacs P.A.

Mumbai

Posted: 2 months ago | Platform: Naukri


Skills Required

Cybersecurity risk management, information security strategy & governance, security operations center management, risk assessment & mitigation, ISO 27001, PCIDSS, GDPR

Work Mode

Work from Office

Job Type

Full Time

Job Description

Key highlights of the role are listed below (purely indicative and not limiting):

- Develop and execute a comprehensive information security strategy, aligned with the organization's goals, to protect sensitive data and systems from cyber threats.
- Collaborate with senior management to integrate security best practices into the organization's overall strategy and operations.
- Oversee the development and implementation of risk management frameworks, including business continuity and disaster recovery plans.
- Identify, assess, and mitigate cybersecurity risks across all organizational levels.
- Establish and maintain the company’s cybersecurity policies, standards, and procedures.
- Ensure the organization’s cybersecurity practices comply with regulatory and local data protection laws.
- Manage the company’s security posture, including risk assessments, audits, and compliance initiatives.
- Conduct regular risk assessments to identify potential security gaps and implement corrective actions.
- Define and enforce a risk management framework to address emerging threats and vulnerabilities.
- Manage and monitor the SOC and drive cybersecurity-related projects.
- Conduct and complete an annual review of required PCIDSS, ISO 27001 regulations and certification.
- Conduct risk assessments and security reviews of new applications and initiatives and recommend measures to mitigate risk.
- Ensure that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/systems/networks as well as after any major incident.
- Ensure regulatory and non-regulatory compliance on IT Governance and Cyber Security within stipulated timelines.
- Develop an information security awareness training and education program.
- Lead internal and external cybersecurity audits, reviews, and compliance reporting, while conducting security committee meetings and liaising with internal and external auditors on matters related to information security.
- Ensure personnel only have access to the sensitive information for which they have appropriate authority and clearance.
- Ensure controls are in place against unauthorized access to workstations and related equipment.
- Set the access and authorization controls for everyday operations as well as emergency procedures for data.
- Implement automated and continuous monitoring of security incidents.
- Respond to cyber incidents in a timely manner.
- Implement a Cyber capability index to identify cyber maturity and report the cyber health to regulators.
- Work closely with the legal and compliance teams to ensure adherence to industry regulations and standards.
- Stay up to date with the latest security trends, threats, and regulatory changes and adjust the security program accordingly.

Applicants should possess the following attributes:

- Extensive experience in information security leadership roles, with a proven track record of strategic planning and execution.
- Deep understanding of regulatory standards and frameworks, including PCIDSS, ISO 27001, GDPR, and others.
- Hands-on expertise in cybersecurity technologies such as SIEM, SOAR, UEBA, TIP, and advanced threat detection systems.
- Strong background in risk management, governance, and compliance across diverse IT environments.
- Familiarity with emerging technologies, including AI, ML, and blockchain, and their implications on cybersecurity.
- Exceptional communication skills with the ability to present complex security topics to executive leadership and stakeholders.

Fintech
Fintech City
