● Bachelor's degree in Information Security, Information Management Systems, Information Technology, Cybersecurity, or any related discipline.
● Master's degree in Information Management Systems, Information Technology, Cybersecurity (preferred).
● Professional certifications such as Project Management Professional (PMP), CISSP, CISM, CCSP/CCSK are advantageous.
● Certified ISO 27001 lead implementer or lead auditor.
● Training or certification in security monitoring tools such as SIEM.
● A minimum of 11 years of experience in information security, with 5 years leading operations/support or SOC/IAM/vulnerability functions.
● Extensive experience in conducting risk assessments, developing risk mitigation strategies, and managing incident response for security breaches and attacks.
● Extensive experience in leading the implementation and management of access controls and authorizations for various systems and databases to ensure compliance with organizational security policies.
● Experience ensuring compliance with these standards and regulations in all operations and third-party engagements.
● Robust experience in managing all aspects of information security incidents, including identification, analysis, containment, eradication, and recovery.
● Proven competence in overseeing testing and compliance checks on applications and systems developed by third-party vendors.
● Strong background in developing and implementing disaster recovery plans that address potential risks and ensure continuity of operations in the event of security breaches or disasters.
● Proven track record of effectively managing an information security operations center (SOC), cyber threat intelligence or similar environments that monitor and protect organizational IT infrastructure.
Key Skills & Capabilities:
● Capable of advanced implementation of information security policies and procedures to monitor operations and ensure compliance with standards and regulations.
● Advanced in classifying information into various asset groups, maintaining systems, and sharing information with stakeholders.
● Advanced in understanding and applying risk management methodologies, including assessing risks, evaluating vulnerabilities and threats, and following up on risk treatments.
● Advanced in responding to security incidents by following established protocols and effectively managing stakeholder interactions.
● Advanced in developing access control matrices and conducting thorough access reviews of information systems, identifying and addressing deviations.
● Proficient in developing secure operational policies and ensuring effective implementation of change controls, backups, and patch management.
● Proficient in applying Secure Software Development Life Cycle (S-SDLC) practices, advising on application security, and conducting architecture reviews.
● Proficient in conducting vulnerability and penetration tests, monitoring threats, and addressing continuity issues with relevant business departments.
● Advanced in auditing information security standards and processes, capable of conducting compliance checks and developing continual improvement plans.
● Advanced in understanding the requirements for information security assurance and performance assessments for standards like ISO 27001 and ISR.
● Advanced in developing and delivering information security training and awareness programs, researching new topics, and evaluating training outcomes.
● Proficient in understanding cloud security regulations, ensuring compliance, and conducting governance and risk assessments.
● Ability to develop and execute long-term security strategies that align with organizational goals.
● Capability to manage a diverse team to achieve excellent results in information security.
● Strong analytical capabilities for troubleshooting, problem-solving, and decision-making within operational settings.
● Skill in using analytics to monitor system performance and to derive actionable insights from data.
● Profound knowledge of cybersecurity principles, practices, and technologies including firewall management, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.