Key Responsibilities

• Security Policy Development:
  Design, implement, and regularly update comprehensive security policies and procedures to protect the company's assets, including sensitive data and intellectual property. Ensure alignment with industry standards and regulatory requirements.
• Team Leadership and Development:
  Build, manage, and mentor a high-performing team of security professionals. Foster a culture of continuous learning through training sessions and professional development opportunities.
• Strategic Security Planning:
  Develop and execute long-term and short-term security strategies that align with business objectives. Ensure security considerations are integrated into the product lifecycle from design to deployment.
• Engineering Collaboration:
  Partner with engineering and development teams for design and architecture reviews. Conduct threat modeling and security assessments to identify vulnerabilities early in the development process.
• Vulnerability Management:
  Lead initiatives for security, vulnerability, and penetration testing (VAPT). Establish systematic approaches for identifying, assessing, and remediating security weaknesses across all systems.
• Identity and Access Management (IAM):
  Drive the development of IAM frameworks to manage user identities effectively. Ensure robust access controls are implemented to protect sensitive resources.
• Security Operations Center (SOC) Management:
  Oversee SOC operations, ensuring real-time monitoring, incident response, and threat intelligence analysis. Implement processes for threat detection and reporting.
• Compliance Oversight and Auditing:
  Enhance the organization’s compliance strategy through regular audits to ensure adherence to regulatory requirements like GDPR, PCI-DSS, and ISO 27001.
• Application Security Testing:
  Implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) practices to identify vulnerabilities within applications throughout the development lifecycle.
• Innovative Security Solutions:
  Design new security systems, tools, and processes to address emerging threats. Leverage automation to enhance efficiency.
• Stakeholder Engagement and Communication:
  Engage with stakeholders across technical teams, management, and external partners. Clearly communicate security risks and recommendations for organizational alignment.
• Performance Metrics and Reporting:
  Establish KPIs to measure the effectiveness of security initiatives. Regularly report on security posture, incidents, and compliance status to senior leadership.
• Cross-Functional Collaboration:
  Collaborate with IT, legal, and operations departments to integrate security into business continuity planning.
• Weekly Scrum Calls:
  Facilitate weekly scrum calls to discuss ongoing projects, track progress, and address challenges.
• Communication with Senior Leadership:
  Maintain regular communication with senior leadership regarding updates on security initiatives and compliance status.
• Future-Proofing Security Initiatives:
  Continuously assess security strategies against evolving threats. Stay informed on industry trends to maintain a proactive posture.
• Risk Assessment and Mitigation:
  Identify potential security risks to the organization. Develop initiatives to mitigate these risks and present findings for informed decision-making.

Qualifications

• Proven experience in infrastructure security management.
• Strong understanding of regulatory requirements related to data protection.
• Excellent leadership skills with a focus on team development.
• Ability to communicate complex security concepts clearly to diverse audiences.
• Experience with vulnerability management tools and methodologies.
• Familiarity with IAM frameworks and SOC operations is preferred.