Head of Cyber Security

Job Purpose:

The Head of Cyber Security is responsible for developing, implementing, and overseeing a comprehensive cybersecurity strategy that protects the group’s digital assets, infrastructure, systems, and data from internal and external threats. This job encompasses policy development, risk assessment, incident response, security operations, compliance, and awareness. The Head of Cyber Security serves as the group’s cybersecurity authority, ensuring alignment between security programs and business objectives, while fostering a security-first culture across the group.

Resposibilities:

Strategic Leadership & Governance

•Develop and lead the execution of the group-wide cyber security strategy in alignment with business goals and technology roadmap.

•Define cybersecurity policies, standards, and procedures based on industry best practices and regulatory requirements.

•Lead the group’s Cyber Security Governance Committee and regularly report on security posture to executive leadership and board-level risk committees.

•Champion a proactive security culture by integrating cybersecurity into all business and technology decision-making processes.

Cybersecurity Operations & Risk Management

•Oversee the design, implementation, and management of security tools and controls including firewalls, SIEM, EDR, IAM, and DLP solutions.

•Direct the Security Operations Centre (SOC) and ensure continuous monitoring, threat intelligence, and rapid response to potential breaches.

•Conduct regular vulnerability assessments, penetration testing, and risk assessments to identify and mitigate potential threats.

•Lead cyber incident response planning, simulation exercises, and post-mortem reviews to improve organizational resilience.

Compliance & Audit

•Ensure compliance with relevant regulatory frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, local cybersecurity laws).

•Collaborate with internal and external auditors during cybersecurity audits and ensure timely remediation of any findings.

•Maintain up-to-date records of all cybersecurity-related incidents, controls, and risk assessments for audit and regulatory purposes.

Data Privacy and Information Protection

•Work closely with the Data Protection Officer (DPO) and Legal team to ensure data protection measures are enforced.

•Oversee implementation of data classification, encryption, and secure data handling practices across the organization.

•Drive initiatives to reduce data leakage, insider threats, and loss of intellectual property.

Security Architecture & Infrastructure

•Guide the secure design of systems, networks, and applications from the ground up, incorporating security by design principles.

•Collaborate with IT infrastructure and application development teams to embed cybersecurity into solution architecture.

•Ensure cloud security governance is established and enforced across all SaaS, IaaS, and PaaS environments.

Awareness, Training & Culture

•Develop and lead group-wide security awareness campaigns and training programs for employees, contractors, and third parties.

•Create tailored training initiatives for high-risk user groups and leadership teams.

•Promote a culture of shared cybersecurity responsibility across all departments.

Vendor & Third-Party Security

•Assess the security posture of vendors, suppliers, and partners as part of the third-party risk management program.

•Establish security requirements and SLAs in vendor contracts and conduct periodic due diligence and reviews.

Budget & Team Leadership

•Lead, mentor, and manage the cybersecurity team, fostering a high-performance culture and continuous professional development.

•Define resource requirements, develop cybersecurity budgets, and oversee procurement of security technologies and services.

•Build capability maturity across cyber domains and succession plans for critical security roles.

General

•Uphold company values throughout business practices and utilise sound judgment in decision making.

•Any other additional duties as may be required by management based on needs of the business.

Requirements:

•A minimum of 10+ years of progressive experience in information security, with at least 5 years in a senior leadership role.

•Proven experience in managing enterprise security programs in large and complex organizations.

•Demonstrated expertise in threat management, incident response, risk assessment, security architecture, and compliance.

•Masters’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

•Professional certifications such as CCISO, ISO 27001, ISO 42001, CISA, CISM, CISSP, AAIA, CEH, OSCP, or equivalent vendor-neutral credentials are required .

•Product/Technology related certification are preferred.