Operational Leadership & Ownership
- Own and manage the complete cybersecurity operations lifecycle
- Serve as the primary point of contact for all security-related matters within IT and business units
- Coordinate security activities across IT teams (Infrastructure, Network, Applications, Service Desk)
- Provide functional leadership for the Cybersecurity Specialist: task assignment, mentoring, performance input
- Ensure no security operational gaps exist — take ownership of any unassigned security tasks
Strategy, Policy & Governance Support
- Develop and propose cybersecurity strategy, roadmaps, and initiatives for Group Head of IT approval
- Draft, update, and maintain security policies, standards, and procedures
- Implement and enforce approved security policies across the organization
- Prepare security budget proposals, tool evaluations, and vendor recommendations
- Develop security metrics, dashboards, and executive reports for Group Head of IT
Security Operations & Monitoring (DSS05)
- Manage and optimize SIEM, EDR/XDR, and other security monitoring tools
- Perform/oversee daily security monitoring, alert triage, and threat hunting
- Define security requirements for firewall/IDS/IPS rules; review and approve rule changes; coordinate with Network/Infrastructure teams; validate compliance
- Administer identity and access management (IAM) systems, including PAM and MFA solutions
- Manage endpoint security, patching coordination (security-related), and security tool deployments
Incident Response & Crisis Management
- Own the Incident Response Plan (IRP); ensure readiness through regular testing and updates
- Lead all security incident investigations, including forensic analysis
- Execute containment, eradication, and recovery actions during incidents
- Escalate major incidents (P1/P2) to Group Head of IT with clear recommendations
- Document incident timelines, root cause analysis, and lessons learned
- Develop and maintain incident response playbooks and runbooks
- Serve as primary on-call for security incidents; manage escalation window
Risk Management & Compliance (APO12, MEA03)
- Perform technical risk assessments; develop risk treatment plans and recommendations
- Conduct vendor security assessments and third-party risk evaluations
- Support internal/external audits: evidence collection, technical responses, finding remediation
- Ensure compliance with regulatory requirements (ISO 27001, GDPR, PCI-DSS, etc.)
- Track audit findings and remediation plans; report status to Group Head of IT
Technical Implementation & Projects
- Design and oversee implementation of security solutions for infrastructure, cloud, and applications
- Lead security projects (e.g., SIEM implementation, Zero Trust, cloud security)
- Conduct security reviews for new systems, applications, and integrations
- Evaluate and recommend security tools and technologies
Security Awareness & Culture
- Develop and deliver security awareness training programs
- Conduct phishing simulations and track effectiveness
- Create and maintain security documentation, knowledge base, and SOPs
- Promote security-first culture across the organization
Required Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field (preferred)
- 3-5+ years of hands-on experience in cybersecurity or IT security operations
- Professional certifications in cybersecurity, or equivalent hands-on certification (preferred); relevant experience may substitute
- Strong expertise in SIEM (Sentinel, Splunk, QRadar, or similar), EDR, vulnerability management tools
- Experience with cloud security (Azure Security Center, Defender for Cloud, AWS Security Hub)
- Knowledge of security frameworks: ISO 27001, NIST CSF, CIS Controls
- Experience working independently with minimal supervision
Required Competencies
- Ownership mindset and proactive problem-solving
- Deep technical expertise with continuous learning mindset
- Strong analytical and decision-making skills
- Ability to work independently and manage priorities
- Excellent communication with technical and non-technical stakeholders
- Ability to work under pressure during incidents
- Documentation discipline and attention to detail
- Mentoring and knowledge sharing skills