Head of Information Security

Summary:

The Head of Information Security (IS) is responsible for developing, implementing, and managing the organization’s information security strategy. This role ensures the security, confidentiality, integrity, availability and privacy of data and systems, protects against internal and external threats, and ensures compliance with relevant regulations and standards.

Requirements

• Bachelor’s or master’s degree in computer science, Information Security, or related field.
• Professional certifications such as ISO/IEC 27001 Lead Implementer, CISSP, CISM, CISA, or equivalent.
• 10 years of progressive experience in information security, with at least 2 years in a leadership role

Description:

1. Strategic Leadership

• Develop / execute a comprehensive IS strategy aligned with business objectives
• Lead the creation and enforcement of security policies, standards, and procedures
• Advise senior management on risk mitigation and security posture

1. Risk Management & Compliance

• Conduct regular risk assessments and audits
• Ensure compliance with standards / frameworks (e.g., ISO 27001, NIST, GDPR, SOC)
• Oversee incident response, business continuity and disaster recovery planning

1. Security Operations

• Monitor and manage Security Information and Event Management (SIEM) solution
• Lead investigations into security breaches and coordinate response efforts
• Oversee vulnerability management and penetration testing

1. Team & Stakeholder Management

• Build and lead a team of security professionals
• Collaborate with IT, HR, admin, and other departments to integrate security into business processes

1. Training & Awareness

• Develop and deliver security awareness training to employees
• Promote a culture of security across the organization

Skills & Competencies:

• Understanding of IT infrastructure, databases, networks, operating systems & programming languages
• Threat Modeling, attack vectors, penetration testing, security testing techniques, secure deployment and maintenance
• Risk Management and Threat & Vulnerability Assessment
• Information Asset Management
• Identity & Access Management
• Strong knowledge of security mechanisms and threat landscapes
• Excellent leadership, communication, and analytical skills
• Ability to manage crisis and make decisions under pressure