-
Develop, implement, and maintain the client's information security policies, standards, and strategy.
-
Lead and mentor the IT security team, fostering a high-performance culture.
-
Oversee daily security operations, including incident response, vulnerability management, and threat monitoring.
-
Ensure compliance with relevant frameworks and regulations (ISO 27001, NIST, GDPR, PCI DSS, etc.).
-
Manage and optimize security technologies across on-premise infrastructure and cloud platforms (e.g., AWS, Azure, GCP).
-
Implement and oversee identity and access management (IAM), network security, and data protection controls across hybrid environments.
-
Conduct regular risk assessments, penetration tests, and audits, implementing mitigation measures.
-
Act as the escalation point for security incidents, coordinating response efforts and minimizing business impact.
-
Provide regular reporting and risk updates to senior stakeholders and executive leadership.
-
Evaluate new security tools and vendors to align with evolving business needs and emerging threats.
-
Promote a strong security culture across the organization through training and awareness programs.
-
Proven track record in IT security management or senior leadership roles.
-
Strong expertise in both on-premise security technologies (firewalls, IDS/IPS, SIEM, endpoint security) and cloud security (AWS/Azure/GCP security tools, cloud access controls, shared responsibility model).
-
Practical experience designing and managing hybrid security architectures.
-
In-depth knowledge of compliance standards and regulatory requirements.
-
Excellent leadership, communication, and stakeholder management skills.
-
Ability to balance business objectives with security requirements, making informed risk-based decisions.
-
Professional certifications (CISSP, CISM, CISA, GIAC, CCSP, or cloud-specific certifications) are highly desirable.
