Head of Cybersecurity

Date: 13 Oct 2025

Location: Dubai, United Arab Emirates

Company: Al Rostamani Group of Companies LLC

Responsible for developing, leading, and continuously enhancing the Group’s cybersecurity strategy and program while applying the latest cybersecurity trends and technologies. This includes overseeing the design and implementation of security architecture, establishing and maintaining robust cybersecurity governance, ensuring compliance with relevant regulations and standards, managing cyber risks, and leading the organization’s incident response and vulnerability management processes. The role also involves managing a hybrid cybersecurity function, comprising both in-house teams and outsourced service providers, to ensure the effective delivery of cybersecurity capabilities across the organization.

Cybersecurity Strategy and Leadership

  • Lead the design, implementation, and evolution of the Group's cybersecurity strategy, ensuring alignment with business objectives and risk tolerance.
  • Oversee the full cybersecurity function including architecture, governance, risk, compliance, security operations, and incident reporting and response.
  • Manage the cybersecurity budget.

Security Architecture Oversight

  • Govern the development of the enterprise security architecture (ESA) methodology, ensuring preventive, detective, and corrective mechanisms are embedded.
  • Ensure alignment between business objectives, security goals, and ESA requirements.
  • Oversee the planning and validation of cyber resilience measures, including disaster recovery planning in collaboration with IT and business stakeholders.

Cybersecurity Governance

  • Oversee development and lifecycle of security policies and procedures.
  • Ensure proper coordination of user access reviews and approval processes.
  • Lead employee lifecycle security assessments: pre-employment, during employment, and post-employment.

Risk Management

  • Develop and maintain the cybersecurity risk management framework.
  • Oversee risk assessments and ensure monitoring and remediation of identified risks in alignment with enterprise risk management standards.

Cybersecurity Compliance

  • Lead internal cybersecurity-related IT audits and monitoring of compliance with internal policies and external regulations.
  • Oversee the development of cybersecurity SOPs and ensure organizational compliance.
  • Lead coordination and execution of internal and external cybersecurity audits.

Cybersecurity Operations

  • Manage 24x7 security monitoring activities and cryptography governance through the Security Operations Center.
  • Ensure effective coordination and performance of the operations team.

Incident Response Management

  • Oversee threat identification and timely response to security incidents.
  • Ensure post-incident reviews are conducted and corrective actions are implemented to prevent recurrence.

Vulnerability Management

  • Govern the planning and execution of vulnerability assessments and penetration testing.
  • Ensure timely remediation of identified vulnerabilities and reporting to senior stakeholders.

Training, Awareness & Culture

  • Lead organization-wide cybersecurity awareness and training programs.
  • Promote a security-first culture across business units and employees.

Reporting & Stakeholder Communication

  • Provide periodic cybersecurity posture updates, risk assessments, and incident summaries to executive leadership and governance committees.
  • Act as the central point of contact for internal and external cybersecurity audits and assessments.

Collaboration and Oversight

  • Coordinate closely with IT Security, Internal Audit, Risk, HR, and Legal to ensure cybersecurity measures are fully integrated and not duplicative.
  • Maintain clear role boundaries between cybersecurity governance and IT security implementation functions.

Team and Vendor Management

  • Lead and manage a hybrid team model including in-house cybersecurity staff and outsourced partners or managed service providers (MSPs) where applicable.
  • Define scopes of work, SLAs, and KPIs for outsourced services and ensure performance aligns with cybersecurity objectives.
  • Build strong relationships with external vendors, ensuring contractual obligations and service quality standards are met.
  • Ensure clear roles, responsibilities, and coordination between internal and external cybersecurity resources.

Job Responsibilities

Cybersecurity Strategy & Leadership

Lead the development and execution of the Group’s cybersecurity strategy aligned with business goals and risk appetite. Oversee the full function including architecture, governance, risk, compliance, operations, and incident response. Manage the cybersecurity budget.

Security Architecture
Govern the enterprise security architecture to ensure preventive, detective, and corrective measures are in place. Align architecture with business needs and resilience planning, including disaster recovery.

Governance & Compliance
Develop and maintain security policies, procedures, and SOPs. Ensure user access governance, employee lifecycle security checks, and compliance with internal and external audit requirements.

Risk & Incident Management
Implement a robust risk management framework. Oversee risk assessments, incident detection, response, and post-incident reviews with corrective actions.

Security Operations & Monitoring
Manage 24/7 security operations and cryptographic controls. Ensure effective vulnerability management through assessments, penetration testing, and timely remediation.

Awareness & Culture
Drive organization-wide cybersecurity training and promote a security-first mindset.

Reporting & Stakeholder Engagement
Provide regular updates on cybersecurity posture, risks, and incidents to senior leadership. Serve as the primary liaison for internal and external audits.

Collaboration & Integration
Coordinate with IT, Audit, Risk, HR, and Legal to ensure cohesive and non-duplicative cybersecurity efforts. Maintain clear boundaries between governance and implementation.

Team & Vendor Management
Lead a hybrid team model (in-house and outsourced). Define SLAs, manage vendor performance, and ensure aligned cybersecurity outcomes.

Job Requirements

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field.
  • Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent are required.
  • Relevant training or certifications in risk management frameworks (e.g., ISO 27005, NIST RMF) and cybersecurity standards (e.g., ISO 27001, NIST CSF, COBIT) are a plus.

Experience

  • Minimum of 10 years of progressive experience in information security or cybersecurity, with at least 3–5 years in a leadership or managerial role.
  • Proven experience in designing and managing cybersecurity programs, governance structures, and risk management frameworks.
  • Demonstrated track record in overseeing incident response, security operations, compliance programs, and security awareness initiatives.
  • Experience working in complex, multi-entity group organizations and managing cross-functional security teams.
  • Familiarity with regulatory environments in the region. 

Knowledge & Skills

  • Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, COBIT).
  • Knowledge of risk assessment, incident response, and vulnerability management practices.
  • Familiarity with enterprise security architecture principles and security operations oversight.
  • Strong grasp of policy development, compliance, and audit requirements.
  • Excellent leadership, communication, stakeholder engagement, and problem-solving skills.
  • Strategic, analytical, and solution-oriented mindset with the ability to align security with business objectives.
