Cyber Security Leader

Cyber Security Leader Position

We are seeking a highly skilled Cyber Security Leader to spearhead the development and implementation of our cybersecurity strategy, ensuring the protection of our technology environment.

This pivotal role involves working closely with various teams to establish robust security policies, procedures, and operational standards that safeguard both IT and OT assets.

Key Responsibilities:

• Provide expert guidance on cybersecurity projects, guaranteeing timely delivery and maintenance of security operations.
• Ensure prompt response to cyber incidents and execute remediations in accordance with service level agreements (SLAs).

Cyber Technical Expertise:

• Act as the technical point of escalation for all security-related controls and concepts.
• Lead the implementation of cybersecurity best practices within projects and guide key stakeholders on security architecture best practices.
• Review and implement security policy and configurations, ensuring compliance with frameworks like CIS, SIEM, Palo Alto Firewalls, and more.

Cyber Governance & Operations:

• Conduct risk assessments to identify and mitigate internal and external security threats.
• Oversee outsourced security operations, ensuring SLAs and KPIs are met.
• Implement cyber hardening techniques and continuously monitor security measures for IT and OT systems.
• Ensure all security tools are configured according to best practices and managed throughout their lifecycle.

Incident, Problem & Change Management:

• Lead rapid response and investigation into security incidents, ensuring appropriate mitigation measures are taken to reduce impact.
• Manage changes to security configurations, policies, and procedures, ensuring minimal disruption to ongoing operations and project lifecycles.

Cyber Supply Chain Risk & Vendor Management:

• Manage third-party vendors and partners providing security services or solutions, ensuring compliance with agreed security standards.
• Monitor and manage cybersecurity risks associated with external vendors throughout their lifecycle.

Security & Compliance:

• Develop and implement a NIST-based cybersecurity strategy, ensuring alignment with organizational goals.
• Conduct ongoing monitoring of security events and ensure timely, effective responses to emerging threats.
• Oversee security and compliance audits, ensuring that internal policies and external regulations are met.

Information Security:

• Develop and enforce information security policies and standards governing the confidentiality, integrity, and availability of organizational data.
• Establish and implement data classification and security protocols across the business.
• Manage the security of on-premises and cloud environments (Azure).
• Ensure proper implementation of network segmentation, VPN security, and Zero Trust models.
• Maintain and refine cloud security policies and standards for Azure.

Disaster Recovery & Business Continuity:

• Ensure business continuity and disaster recovery plans incorporate appropriate security measures.
• Lead testing of the Business Continuity Plan (BCP) and Disaster Recovery (DR) strategies to ensure business functions are protected in case of cyber incidents.
• Drive the implementation and improvement of cybersecurity processes and procedures.
• Ensure continuous updating and sharing of security knowledge, best practices, and compliance standards across the organization.
• Lead ongoing improvements to security processes, ensuring they evolve in line with changing regulations and industry best practices.

Requirements:

• 10-15 years of experience in cybersecurity or information security roles, including network security and system security.
• Significant experience in cybersecurity governance, risk management, and compliance.
• Proven expertise in developing and implementing security control assurance programs and supply chain risk assessment frameworks.
• Certifications: CISSP, CISM, or other security certifications are highly desirable.
• Knowledge: Solid understanding of security management frameworks such as ISO27001, NIST, ASD, and other related security standards.
• Familiarity with cloud environments (specifically Azure) and network security (e.g., VPN, Zero Trust).

---