Cybersecurity Division Head

The position is primarily responsible for leading and managing the organization's cybersecurity strategy to ensure the confidentiality, integrity, and availability of digital information. The position is also responsible for overseeing the security engineering, governance, compliance, security operations, security testing, and identity and privilege access management to protect the organization against evolving cyber threats.

Duties and Responsibilities

A. Planning and Direction Setting

1. Formulates the strategic and operational plans relative to cyber security, its governance, and compliance with regulatory requirements and industry standards.
2. Establishes and enforces the organization's cyber security policies, standards, and protocols.
3. Spearheads activities relative to cybersecurity awareness and training programs to educate employees about security policies and best practices.
4. Keeps abreast of the latest updates and best practices in cybersecurity to improve enterprise security, adapt technology solutions, and mitigate threat attacks.

B. Security Governance

1. Defines and implements the organization's cybersecurity strategy, policies, and frameworks.
2. Establishes security risk management processes, ensuring alignment with business objectives.
3. Communicates cybersecurity risks and strategies to executive leadership.
4. Spearheads the cybersecurity awareness and training initiatives across the organization.

C. Security Compliance

1. Ensures compliance with regulatory frameworks and cybersecurity laws.
2. Supports internal security audits, assessments, and gap analyses to maintain compliance.
3. Oversees third-party/vendor risk assessments to ensure compliance with security requirements.
4. Communicates with legal and compliance teams to address data protection and privacy laws.

D. Security Engineering and Security Testing

1. Directs the implementation and management of security controls such as firewalls, intrusion detection systems, encryption, and access controls.
2. Oversees the development and execution of architecture and infrastructure designs as well as vulnerability assessments and penetration testing.
3. Monitors the deployment, integration, and configuration of all new security solutions based on standard operating procedures.
4. Ensures secure software development lifecycle (SDLC) practices are followed, and third-party applications and cloud services undergo security assessments.
5. Assesses and mitigates vulnerabilities in IT infrastructure, cloud environments, and networks.
6. Identifies and remediates application and infrastructure security vulnerabilities.
7. Collaborates with IT and development teams to integrate security into systems and applications.

E. Security Operations Center

1. Manages SOC functions, including threat detection, incident response, and digital forensics.
2. Optimizes security monitoring tools, SIEM solutions, and threat intelligence platforms.
3. Develops and tests incident response plans to ensure effective mitigation of cybersecurity threats.
4. Establish full monitoring capabilities for proactive threat management.
5. Leads forensic investigations and root cause analyses of security incidents.

F. Identity and Privilege Access Management (IAM/PAM)

1. Creates and enforces identity governance policies for access control and authentication.
2. Supervises the administration of multi-factor authentication (MFA), single sign-on (SSO), and privileged access management (PAM) solutions.
3. Authorizes role-based access control (RBAC) and least privilege access principles.
4. Participates in reviewing user access rights, ensuring compliance with security policies.

G. Management Leadership

1. Finalizes plans, programs, budgets, and performance targets of the division.
2. Plans, directs, and coordinates all activities of the departments to reach maximum levels of employee productivity throughout the workforce.
3. Provides upfront leadership in supervising all direct and indirect reports and planning for their career advancement and aspirations.
4. Supervises and evaluates the performance of all direct reports.
5. Approves/schedules all vacation leaves of all direct reports.

H. Others

1. Participates actively during staff meetings, training programs and other professional development work.
2. Makes recommendations on matters pertinent to business operations and other related activities.
3. Performs other related duties as assigned.

Qualifications

Education:
Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field. Preferably with Master's degree or with Certifications in CISSP, CISM, CISA, CRISC, and other relevant certifications.

Experience(s
): At least ten (10) years of work experience in cybersecurity governance, risk management, compliance, and managing security policies and controls.