Responsibilities
1. Governance, Risk & Compliance (GRC)
- Lead and manage SWIFT CSP, COSO, and ISO 27001 readiness, audits, and compliance programs.
- Develop, implement, and maintain enterprise security governance frameworks, policies, and standards.
- Conduct internal security audits, risk reviews, and gap assessments.
- Track remediation plans and ensure timely closure of compliance findings.
- Support certification and regulatory audits with proper documentation and evidence.
2. Enterprise Risk Management
- Perform enterprise-wide risk assessments to identify critical vulnerabilities and exposures.
- Develop and monitor risk mitigation strategies and remediation plans.
- Ensure alignment between security risk management and business objectives.
- Prepare and present risk reports, dashboards, and security metrics to senior leadership and stakeholders.
3. Security Operations
- Oversee the vulnerability management lifecycle, including identification, prioritization, remediation, and tracking.
- Collaborate with the Security Operations Center (SOC) for proactive threat detection and monitoring.
- Ensure effective implementation of security controls across endpoints, networks, applications, and cloud environments.
- Monitor security posture and ensure continuous risk reduction across enterprise systems.
4. Security Tools & Technologies
Hands-on experience with enterprise security technologies including:
- SIEM: Log analysis, alert tuning, correlation rules, and incident triage
- DLP: Data protection policies, monitoring, and incident handling
- EDR/XDR: Endpoint threat detection and response management
- Firewalls: Security policy review, configuration validation, and compliance alignment
- IAM: Identity governance, access control policies, and lifecycle management
5. Incident Management & Response
- Develop, implement, and maintain Incident Response (IR) frameworks and playbooks.
- Lead end-to-end incident management, including containment, eradication, and recovery.
- Conduct Root Cause Analysis (RCA) and coordinate post-incident reviews.
- Prepare detailed incident reports for management, compliance teams, and auditors.
- Ensure incident response processes meet regulatory and organizational requirements.
6. Leadership & Stakeholder Management
- Lead and mentor security analysts, SOC teams, and GRC professionals.
- Work closely with internal teams, customers, vendors, and external auditors to address security requirements.
- Provide clear communication, status updates, and executive reporting on security posture and initiatives.
- Drive security awareness and cross-functional collaboration across the organization.
7. Architecture, Governance & Secure Configuration
- Develop and maintain enterprise security policies, standards, and procedures.
- Ensure secure configuration baselines for infrastructure, applications, and cloud platforms.
- Partner with DevOps, IT, and Cloud teams to embed security within the system development lifecycle.
- Provide guidance on secure architecture design for new business initiatives and digital transformation projects.
Qualifications:
- 10+ years of experience in Cybersecurity with strong exposure to GRC and Security Operations.
- Hands-on experience with security frameworks and compliance standards (ISO 27001, SWIFT CSP, COSO).
- Experience managing enterprise security tools and security monitoring platforms.
- Proven ability to lead security teams, audits, and risk management programs.
- Strong understanding of cloud security, enterprise architecture, and security operations.