Information Security Director

The position of Information Security Director is a strategic leadership role responsible for overseeing and implementing the organization's cybersecurity strategy.

• Cybersecurity Strategy & Planning
  • Develop and implement a comprehensive cybersecurity strategy aligned with the organization's business objectives, ensuring the protection of sensitive data and systems from cyber threats.
  • Conduct regular risk assessments to identify potential vulnerabilities and develop mitigation plans to minimize the impact of security incidents.
• Security Operations & Incident Response
  • Lead the implementation of a robust Security Operations Center (SOC) to provide real-time monitoring and analysis of immediate cyber threats targeting the organization's systems and data.
  • Develop and implement incident response plans, encompassing procedures for timely detection, containment, eradication, and recovery from security breaches or data loss events.
• Cyber Risk Management & Intelligence
  • Proactively identify, assess, and mitigate information security risks across the entire IT ecosystem and business processes, including evaluating the risks associated with emerging technologies and digital transformation initiatives.
  • Stay abreast of the evolving cyber threat landscape, including targeted attacks, ransomware, and insider threats, and translate complex technical risks into understandable insights for the leadership team and board of directors.
• Data Loss Prevention & Fraud Detection
  • Implement and enforce data protection policies and controls to prevent unauthorized access, misuse, or exfiltration of sensitive client information and organizational data, whether from external sources or internal staff.
  • Employ advanced anti-fraud and anomaly detection systems, including transaction monitoring and behavioral pattern analysis, to safeguard financial assets and preserve client trust.
• Security Architecture & Engineering
  • Lead the planning, selection, and implementation of security hardware and software solutions, including designing secure network and IT infrastructure aligned with industry best practices and regulatory compliance.
  • Develop and maintain a robust and scalable security architecture that supports the organization's digital transformation initiatives and ensures the security of its expanding digital footprint.
• Identity & Access Management
  • Design and implement an effective Identity and Access Management (IAM) framework to ensure that only authorized personnel have appropriate access to sensitive data, systems, and client information based on the principle of least privilege.
  • Enforce strong authentication mechanisms, including Multi-Factor Authentication (MFA), to minimize the risk of unauthorized access due to compromised credentials.
• Security Program Management
  • Develop and implement a comprehensive security program roadmap, encompassing a structured approach to securing the organization's digital infrastructure and promoting a security-first culture across all departments.
  • Lead and manage the security team, fostering a culture of continuous learning and professional development, equipping them with the skills to address emerging security challenges.
• Investigations & Forensics
  • Lead and oversee investigations into security incidents and data breaches, determining the root cause, assessing the scope of the breach, and collaborating with internal and external parties as needed.
  • Conduct forensic analysis to recover and analyze digital evidence, identifying the attackers' methods and supporting legal proceedings or regulatory reporting as necessary.
• Governance & Compliance
  • Establish and maintain a robust information security governance framework that aligns with the organization's objectives, regulatory requirements, and industry best practices.
  • Ensure continuous compliance with all applicable laws, regulations, and industry standards, including those related to data protection, privacy, and financial operations.