Chief Cybersecurity Strategist

Lead Security Engineer

• Key Responsibilities:
  Provide timely and effective security incident response within a 24x7 SOC environment.
• Lead operational teams to effectively maintain the lifecycle of both on-premises and cloud-based security solutions.
• Manage responses to security and operational incidents, and ongoing security requests.
• Coordinate and manage security incidents to ensure swift identification, containment, and remediation.
• Develop and maintain incident response playbooks and procedures.
• Participate in and contribute to industry cyber forums, both formal and informal.
• Support all audits and reviews requests.
• Monitor developments in the information security industry and communicate the potential impact or applicability to the organization.

Vulnerability Management:

• Support global vulnerability management processes including operating system (OS) and infrastructure patching, hardening, and testing efforts.
• Conduct regular vulnerability assessments (VAPT) and prioritize remediation activities.
• Collaborate with IT teams to implement and validate security patches and updates.

Security Tools Operation:

• Manage the total cost of ownership (TCO) for security solutions which includes new investments and business-as-usual financials.
• Operate and manage various security tools including host intrusion detection systems (HIDS), network intrusion detection systems (NIDS), intrusion prevention systems (IPS), analysers, scanners, and more.
• Continuously monitor and analyse security tools to identify active threats, attacks, vulnerabilities, and exposures.
• Prioritize identified threats and vulnerabilities for remediation activities within the team.

Threat and Vulnerability Identification:

• Assist in the identification and evaluation of security threats and vulnerabilities.
• Conduct in-depth analysis of security events to determine the root cause and potential impact.
• Provide recommendations for mitigation and remediation solutions to address identified security issues.

Qualifications and Experience

Required Skills and Qualifications

• Proven track record for managing technical resources to deliver technology lifecycle.
• Relevant information security experience working with or for a global exchange or a global financial firm. Other IT operational experience will also be considered.
• Solid knowledge and experience in cloud technologies, and familiar with cloud security architecture, design, and operations.
• Relevant experience with SecDevOps principles, security automation, and orchestration.
• Must have relevant experience with industry best-practice approaches to the design, implementation, operation, and management of IT systems (e.g., Agile, Waterfall, ITIL, COBIT).
• Must have relevant experience with information security (e.g., CISSP, CCSP).
• Must have strong information security technology knowledge/concept and can effectively communicate with senior management and a broad range of technical/non-technical audiences.
• Must have strong written communication skills, experienced with writing board-level papers, and verbal presentations to senior management.
• Must have a relevant university degree in computer science, information management, or related field, or equivalent experience.

Competency and Behavioural Skills

Essential Requirements

• Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
• At least 10 years of relevant experience in cybersecurity.
• Knowledge of information technology operation (e.g., cloud, data, system, application, and infrastructure, etc.).
• Knowledge of cybersecurity assessment (e.g., security audit, vulnerability assessment, penetration testing, etc.).
• Knowledge of cybersecurity product (e.g., End-Point Solution (EDR), WAF, DLP, SIEM, SOAR).
• Knowledge of market best practice and framework (e.g., ITIL, ISO, PCI-DSS, NIST, etc.).
• Certification in cybersecurity is an advantage (e.g., CISSP, CISM, CISA, ISO Lead Auditor, CEH, etc.).

Desirable Requirements

• Certification in project management and framework is an advantage (e.g., PMP, CPM, CSM, PRINCE2, CompTIA Project+, etc.).