Role: Head of Information and Cyber Security
Position Type: Contract
Job Responsibilities
We are looking for an Information and Cyber Security Lead. You will be part of the founding key team member, reporting to the Chief Information Officer (CIO) and working closely with team leads in the transformation of the business. If you are passionate about technology and digital transformation for business and want to be in a team where your views matter, learning and collaboration is part of the culture, please reach out and we would love to talk to you!
· Define and implement the Enterprise InfoSec (IS) landscape and roadmap.
· Architect and develop security solutions on on-premise and cloud platforms (AWS, GCP, or Azure) using cloud-native security services.
· Design and implement secure cloud architecture for various cloud platforms.
· Provide security advisory as a trusted partner and subject matter expert cloud platforms.
· Develop, maintain, and enhance IT Security checklists and guidelines.
· Manage third-party IS due diligence on service suppliers, including onsite assessments.
· Conduct Technology Security Risk Assessments on systems throughout their lifecycle to identify and mitigate security risks.
· Ensure compliance with security frameworks and processes such as CIS, NIST, PCI/DSS, SOC 2.
· Implement process improvements for effective IT Security risk management.
· Identify security risks in the Tech Obsolescence Risk program.
· Perform periodic risk analysis, vulnerability scanning, and testing.
· Drive enterprise initiatives for comprehensive security posture analysis across different layers and sources within the network environment.
· Respond to security incidents and manage incident response.
· Communicate with regulators such as MAS and ensure solutions meet external and internal requirements and guidelines.
· Conduct security awareness training and programs for employees.
· Stay updated on security trends and new threats to safeguard the organization.
Qualifications & Experience Requirements:
Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
Industry certifications such as CISSP, CISM, CCSP, or relevant cloud certifications (AWS Certified Security, Azure Security Engineer, etc.) are highly desirable.
Experience:
· Minimum 10+ years of experience in IT Security, with a focus on Enterprise InfoSec architecture and risk management.
· 5+ years of hands-on experience architecting and developing security solutions for both on-premise and cloud platforms (AWS, GCP, or Azure) using cloud-native security services.
· Proven experience in designing and implementing secure cloud architectures across multiple platforms.
· Strong experience in conducting Technology Security Risk Assessments throughout the lifecycle of systems and implementing risk mitigation strategies.
· Experience in third-party IS due diligence assessments, including managing supplier audits and onsite evaluations.
· Familiarity with security frameworks and regulatory compliance standards such as CIS, NIST, PCI/DSS, SOC 2, and experience working with regulators like MAS.
· Experience in incident response and security operations, including vulnerability scanning, periodic risk analysis, and handling security incidents.
· Track record of leading enterprise security initiatives to enhance the overall security posture, including process improvements in IT Security risk management.
· Experience conducting security awareness training and staying updated with emerging security threats.
Skills:
- Strong knowledge of cloud security architecture, cloud-native security tools, and multi-cloud environments.
- Ability to communicate complex security concepts effectively to both technical and non-technical stakeholders.
- Proficiency in security tools and technologies used for vulnerability management, risk analysis, and incident response.
- Strong leadership and advisory skills with the ability to serve as a trusted security partner within the organization.
When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the Tech Aalto Privacy Policy, a copy of which is published at Tech Aalto’s website (https://www.techaalto.com/privacy/)
Confidentiality is assured, and only shortlisted candidates will be notified for interviews.