IT Security Head

The Head of IT Security is a critical leadership role responsible for developing IT Security Standards and Procedures as well as implementing IT security strategy, initiatives and programs as aligned to the overall Information Security Strategy of the CISO Team.

This individual will lead a team of IT Security Officers to protect the company's information assets, systems and networks from internal and external threats.

The Head of IT Security will ensure compliance with relevant regulations and industry best practices, and will act as key advisor to senior management on all technical security-related matters.

The Head of IT Security is directly reporting to the CTO / Head of IT and has a broken line reporting to the CISO.

Responsibilities

Strategy and Leadership

• Develop comprehensive implementing plans aligned to the overall information security strategy of the CISO.

● Provide leadership and direction to the IT security team, fostering a culture of security awareness and best

practices.

● Stay abreast of emerging security threats, vulnerabilities and technologies.

● Act as a subject matter expert on IT security, providing guidance and recommendations to senior management.

Security Operations

• Oversee the day-to-day operations of the IT security team as well as the 3rd party MSOC provider on incident response, vulnerability management and security monitoring and investigation.
• Develop and maintain IT-specific security policies, standards, and procedures and it must be aligned to the ISSP (Information Security Strategy Plan) and ISP (Information Security Program).
• Manage and maintain security infrastructure, including firewalls, IDS/IPS, SIEM and other security related tools JD-AVP-006 / Rev 0 /
• Manage the 3rd party MSOC by conducting monthly service and performance reviews.

Risk Management and Compliance

• Conduct regular technical security assessments to identify and mitigate risks.
• Ensure compliance with relevant regulations and industry standards i.e. BSP circular 808, 982, ISO 27001 or as per direction of the CISO.

Incident Management and Response

• Develop and maintain an incident management and response plan
• Develop and maintain a security playbook that includes actions and response to different potential incidents that may pose harm to the organization.
• Conduct regular testing of security playbook to institutionalize the actions and responses of the different stakeholders during a security incidents
• Provide reporting of the regular security testing as directed by the Incident Management Procedure
• Lead incident response efforts, and manage post incident reviews including lessons learned and if necessary update the related procedures and playbooks.
• Manage security incidents and investigations, including forensic analysis and reporting and report the result following the Incident Management Procedure.

Team Management and Collaboration

• Recruit, train, and mentor IT security officers.
• Collaborate with CISO team, other IT teams and business units to ensure security is integrated into all aspects of the organization.
• Manage vendor relationships related to security products and services.
• Collaborate with the CISO team on IT security budget considerations.

Qualifications

• Graduate of BS Computer Engineering or Information Technology or Computer Science;
• 5-10 years of experience in IT security position
• Working Schedule: Monday to Friday, 44 hours weekly;
• Working Setup: Hybrid, mostly work at home.