Head Of Cybersecurity

Dubai, DU, AE, United Arab Emirates

Job Description

Responsible for developing, leading, and continuously enhancing the Group's cybersecurity strategy and program while applying the latest cybersecurity trends and technologies. This includes overseeing the design and implementation of security architecture, establishing and maintaining robust cybersecurity governance, ensuring compliance with relevant regulations and standards, managing cyber risks, and leading the organization's incident response and vulnerability management processes. The role also involves managing a hybrid cybersecurity function, comprising both in-house teams and outsourced service providers, to ensure the effective delivery of cybersecurity capabilities across the organization.


Cybersecurity Strategy and Leadership


Lead the design, implementation, and evolution of the Group's cybersecurity strategy, ensuring alignment with business objectives and risk tolerance. Oversee the full cybersecurity function including architecture, governance, risk, compliance, security operations, and incident reporting and response. Manage the cybersecurity budget.



Security Architecture Oversight


Govern the development of the enterprise security architecture (ESA) methodology, ensuring preventive, detective, and corrective mechanisms are embedded. Ensure alignment between business objectives, security goals, and ESA requirements. Oversee the planning and validation of cyber resilience measures, including disaster recovery planning in collaboration with IT and business stakeholders.



Cybersecurity Governance


Oversee development and lifecycle of security policies and procedures. Ensure proper coordination of user access reviews and approval processes. Lead employee lifecycle security assessments: pre-employment, during employment, and post-employment.



Risk Management


Develop and maintain the cybersecurity risk management framework. Oversee risk assessments, and ensure monitoring and remediation of identified risks in alignment with enterprise risk management standards.



Cybersecurity Compliance


Lead internal cybersecurity-related IT audits and monitoring of compliance with internal policies and external regulations. Oversee the development of cybersecurity SOPs and ensure organizational compliance. Lead coordination and execution of internal and external cybersecurity audits.



Cybersecurity Operations


Manage 24x7 security monitoring activities and cryptography governance through the Security Operations Center. Ensure effective coordination and performance of the operations team.



Incident Response Management


Oversee threat identification and timely response to security incidents. Ensure post-incident reviews are conducted and corrective actions are implemented to prevent recurrence.



Vulnerability Management


Govern the planning and execution of vulnerability assessments and penetration testing. Ensure timely remediation of identified vulnerabilities and reporting to senior stakeholders.



Training, Awareness & Culture


Lead organization-wide cybersecurity awareness and training programs. Promote a security-first culture across business units and employees.



Reporting & Stakeholder Communication


Provide periodic cybersecurity posture updates, risk assessments, and incident summaries to executive leadership and governance committees. Act as the central point of contact for internal and external cybersecurity audits and assessments.



Collaboration and Oversight


Coordinate closely with IT Security, Internal Audit, Risk, HR, and Legal to ensure cybersecurity measures are fully integrated and not duplicative. Maintain clear role boundaries between cybersecurity governance and IT security implementation functions.



Team and Vendor Management


Lead and manage a hybrid team model including in-house cybersecurity staff and outsourced partners or managed service providers (MSPs) where applicable. Define scopes of work, SLAs, and KPIs for outsourced services and ensure performance aligns with cybersecurity objectives. Build strong relationships with external vendors, ensuring contractual obligations and service quality standards are met.

Ensure clear roles, responsibilities, and coordination between internal and external cybersecurity resources.



Job Responsibilities


------------------------


Cybersecurity Strategy & Leadership




Lead the development and execution of the Group's cybersecurity strategy aligned with business goals and risk appetite. Oversee the full function including architecture, governance, risk, compliance, operations, and incident response. Manage the cybersecurity budget.


Security Architecture



Govern the enterprise security architecture to ensure preventive, detective, and corrective measures are in place. Align architecture with business needs and resilience planning, including disaster recovery.


Governance & Compliance



Develop and maintain security policies, procedures, and SOPs. Ensure user access governance, employee lifecycle security checks, and compliance with internal and external audit requirements.


Risk & Incident Management



Implement a robust risk management framework. Oversee risk assessments, incident detection, response, and post-incident reviews with corrective actions.


Security Operations & Monitoring



Manage 24/7 security operations and cryptographic controls. Ensure effective vulnerability management through assessments, penetration testing, and timely remediation.


Awareness & Culture



Drive organization-wide cybersecurity training and promote a security-first mindset.


Reporting & Stakeholder Engagement



Provide regular updates on cybersecurity posture, risks, and incidents to senior leadership. Serve as the primary liaison for internal and external audits.


Collaboration & Integration



Coordinate with IT, Audit, Risk, HR, and Legal to ensure cohesive and non-duplicative cybersecurity efforts. Maintain clear boundaries between governance and implementation.


Team & Vendor Management



Lead a hybrid team model (in-house and outsourced). Define SLAs, manage vendor performance, and ensure aligned cybersecurity outcomes.


Job Requirements


--------------------


Qualifications




Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field. Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent are required. Relevant training or certifications in risk management frameworks (e.g., ISO 27005, NIST RMF) and cybersecurity standards (e.g., ISO 27001, NIST CSF, COBIT) are a plus.

Experience




Minimum of 10 years of progressive experience in information security or cybersecurity, with at least 3-5 years in a leadership or managerial role. Proven experience in designing and managing cybersecurity programs, governance structures, and risk management frameworks. Demonstrated track record in overseeing incident response, security operations, compliance programs, and security awareness initiatives. Experience working in complex, multi-entity group organizations and managing cross-functional security teams. Familiarity with regulatory environments in the region.

Knowledge & Skills




Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, COBIT). Knowledge of risk assessment, incident response, and vulnerability management practices. Familiarity with enterprise security architecture principles and security operations oversight. Strong grasp of policy development, compliance, and audit requirements. Excellent leadership, communication, stakeholder engagement, and problem-solving skills. Strategic, analytical, and solution-oriented mindset with the ability to align security with business objectives.



Job Detail

  • Job Id
    JD2173659
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, DU, AE, United Arab Emirates
  • Education
    Not mentioned