Information Security Governance & ISMS – Develop, implement, and maintain the Information Security Management System (ISMS), policies, and procedures, ensuring alignment with business needs, compliance requirements, and internationally recognized frameworks (ISO 27001, NIST, PCI DSS, data privacy laws).
Risk & Compliance Management – Conduct and oversee risk assessments, vulnerability scans, penetration testing, and remediation tracking. Coordinate with stakeholders on control implementation, vendor security reviews, audits, and compliance assessments.
Cybersecurity Operations – Monitor and respond to security incidents, perform deep-dive investigations, document findings, and drive containment and recovery measures while proactively tracking emerging threats and vulnerabilities.
Security Architecture & Implementation – Collaborate with IT and cross-functional teams to influence secure design, system configurations, cloud security, and network security (firewalls, DLP, SIEM, endpoint protection, IPS/IDS).
Awareness & Training – Lead security awareness programs, deliver engaging training sessions to employees and clients, and foster a culture of vigilance by influencing employee behavior as the “First Line of Defence.”
Security Projects & Strategy – Plan, design, and execute strategic cybersecurity initiatives that strengthen enterprise security posture and support secure adoption of emerging technologies and business solutions.
Stakeholder Engagement & Reporting – Establish strong relationships with business leaders and clients, aligning security priorities with business objectives. Prepare and present metrics, reports, and updates for senior management, risk committees, and governance boards.
Continuous Improvement & Expertise – Serve as a subject matter expert, staying current with evolving threats, security standards, and best practices, while continuously enhancing security processes, policies, and frameworks.