Lead Cyber Security

Job Purpose:

This role is to lead the Cyber Security & Compliance product group. This includes the Application Security team, responsible for security assurance of applications (Design and architecture review, SAST, and DAST); Infrastructure Security team, responsible for security assurance of all Infrastructure components (such as patch and configuration compliance scanning and reporting); and Vulnerability Management, responsible for the identification, triage, scanning, and reporting against all vulnerabilities in the environment.

The lead includes overall leadership of these Application Security, Infrastructure Security, and Vulnerability Management teams; ownership of multiple relevant security controls and all the associated assurance and compliance activities; definition, collection, and reporting of relevant data points to support this activity; maintenance and configuration of associated technology capabilities; and strategy and roadmap development for the product group.

He will be a strong leader, with deep security and technical skills and experience. The role requires a deep knowledge of deriving value from security data - KRIs, KPIs, risk prioritisation (including definition of), and an understanding of what it takes to secure an organisation (not just run a security process). The candidate will have exceptional knowledge of current Cyber threats and focus areas, understanding the impact of digitalisation, cloud, mobile - and how to deliver frictionless security assurance services. The successful candidate will be a thought leader and a strong communicator - able to manage upwards.

Scope of the role:

o Safeguards information system assets by identifying and solving potential and actual security problems.

o Recognizes problems by identifying abnormalities, reporting violations.

o Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.

o Developing security policies, procedures, and guidelines based on industry best practices.

o Maintaining awareness of new cyber threats, vulnerabilities, and technologies to keep the organization secure.

o Conducting risk assessments to identify potential security threats and vulnerabilities.

o Monitoring network activity to identify signs of intrusion or compromise.

o Developing security policies, procedures and guidelines that are compliant with federal regulations.

o Providing technical support for computer networks, including firewalls, operating systems and applications, patch management, and data security best practices.

o Conducting audits to ensure security protocols are being followed by staff.

o Providing training in information security best practices to employees or clients

Candidate Specification:

o Minimum 10 years' experience working in a similar role

o Strong first-hand experience with leading security technologies, or related technologies

o Proven experience of general infrastructure technologies and principles

o Experience of leading security teams in complex distributed organisations reporting to senior stakeholders

o Candidate should have held a CISSP or equivalent security certification for at least ten years; other security management certifications such as CISM and C|CISO an advantage.

o Structured and methodical in problem solving

o Experience of supplier relationship management, RFP/RFI processes and vendor evaluation and product selection practices

o A strong disposition to take responsibility and to lead by example.

o Ability to draw on experience to question and challenge existing or proposed solutions

o An ability to work under pressure and to tight deadlines

o Organised with good diligence with a natural ability to prioritise workload and objectives.

o Analytical skills with an ability to quickly assimilate added information

o Ability to work with and influence stakeholder groups to achieve the desired outcomes

o Effective communication skills and flexible collaborator.

o Ability to quickly grasp modern technology concepts, new infrastructure components and their impact on the overall infrastructure topology

o Is, or has been, a Head of Cybersecurity or Security Operations at another organization

- should done multiple security projects related to DLP, VDI, Server Hardening. Not only IT but building/plant security solutions as well.

- Should have worked on SIEM and end point security

- Experience of cloud security server

- Must have completed cyber security certification (ISSP,CISM etc.)

- Aware about ISO 27001:2013 and NIST framework

- Have relevant experience of Min. 10 years