The Head of Cyber Security is responsible for leading and managing the organization’s cybersecurity strategy, governance, risk management, and operational security functions. This role ensures the security of IT infrastructure, applications, and data across the wholesale business while aligning cybersecurity initiatives with business objectives. The role also oversees compliance with regulatory requirements and industry best practices to mitigate cybersecurity risks.
Key Responsibilities:
1. IT Governance & Risk Program Management
- Develop and implement cybersecurity policies, standards, and guidelines to align with business needs and regulatory requirements.
- Lead enterprise-wide risk assessment and mitigation strategies to ensure cybersecurity resilience.
- Establish a cybersecurity governance framework, ensuring adherence to compliance requirements (e.g., ISO 27001, NIST, GDPR, PDPA).
- Manage third-party security risks, including vendor security assessments and contractual compliance.
2. Security Architecture & Engineering
- Design and implement robust security architectures to protect the organization's IT assets and digital infrastructure.
- Work closely with IT teams to integrate security into cloud environments, network systems, and enterprise applications.
- Oversee vulnerability management, penetration testing, and secure software development lifecycle (SDLC) practices.
3. Identity & Access Management (IAM)
- Develop and manage IAM strategies, ensuring appropriate user access controls and authentication mechanisms.
- Oversee Privileged Access Management (PAM) and Single Sign-On (SSO) solutions to strengthen security posture.
- Ensure role-based access control (RBAC) and least privilege principles are enforced across systems.
4. Security Operations Center (SOC) & Cyber Defense
- Lead the Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity threats in real time.
- Oversee incident response, forensic investigations, and cyber threat intelligence initiatives.
- Implement advanced security analytics, Security Information and Event Management (SIEM), and threat-hunting capabilities.
- Develop and execute cybersecurity awareness training programs for employees
