Security Lead

Key Responsibilities:

1. Security Strategy & Governance:

• Develop, implement, and maintain security policies, procedures, and controls.
• Support the CISO in building a comprehensive security program aligned with business goals.
• Ensure compliance with standards such as ISO 27001, NIST, GDPR, and relevant local regulations.

2. Threat & Vulnerability Management:

• Identify, assess, and mitigate security risks across networks, systems, applications, and cloud environments.
• Lead vulnerability assessments, penetration testing, and security audits.
• Monitor threat intelligence feeds and respond to emerging threats.

3. Incident Response & Investigation:

• Lead incident response efforts, including containment, root cause analysis, and remediation.
• Develop and maintain an incident response plan and conduct regular tabletop exercises.
• Document incidents and report findings to management and regulatory bodies when needed.

4. Team Leadership & Collaboration:

• Supervise security analysts/engineers and coordinate with cross-functional IT and business teams.
• Mentor junior team members and promote a culture of security awareness.
• Work with infrastructure, application, and network teams to integrate security best practices.

5. Tools & Technology Management:

• Manage and optimize security tools such as SIEM, DLP, EDR, firewalls, and IAM solutions.
• Evaluate and onboard new security technologies and services as required.

6. Training & Awareness:

• Drive company-wide security awareness and training initiatives.
• Educate staff on phishing, social engineering, password hygiene, and data protection.

Key Requirements:

• Education:
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Master's degree or MBA in Information Security or IT Management is a plus.
• Certifications (preferred):
• CISSP, CISM, CEH, OSCP, ISO 27001 LA, or similar.
• Experience:
• 610 years of experience in information security, with at least 23 years in a lead or managerial role.
• Skills:
• Deep understanding of cybersecurity frameworks and principles
• Experience with security monitoring, forensics, and incident response
• Knowledge of secure software development (DevSecOps), cloud security (AWS, Azure), and network security
• Strong communication, leadership, and stakeholder management skills
• Ability to handle pressure in fast-paced environments