Head of IT Security Operations who will be responsible for developing, implementing, and maintaining a robust cybersecurity framework that safeguards the organization’s technology infrastructure and data assets. This role leads the design and execution of security operations strategies aligned with business objectives, compliance mandates, and industry best practices such as COBIT 2019, ITIL, and ISO/IEC 27001.

Key Responsibilities

A. Governance & Risk Management

• Enforce organizational IT security policies, procedures, and standards.
• Ensure alignment of security practices with business strategies, legal, and regulatory requirements (e.g., PCI DSS, NIST).
• Implement and maintain comprehensive risk management practices across all IT domains.
• Conduct periodic compliance reviews, security audits, and gap assessments to ensure adherence to frameworks and policies.

B. IT Security Operations Management

• Direct daily security operations including threat detection, vulnerability management, and incident response.
• Integrate security controls within IT Service Management (ITSM) processes to enhance service reliability and resilience.
• Collaborate with Incident, Problem, and Change Management teams to reduce operational risks and minimize security exposure.
• Support IT Service Continuity and Disaster Recovery strategies to ensure business continuity during security events.
• Promote organization-wide cybersecurity awareness and conduct targeted training programs.

C. Information Security Management

• Maintain, monitor, and continuously enhance the Information Security Management System (ISMS).
• Ensure compliance with ISO 27001 Annex A controls, covering access management, cryptography, logging, and incident handling.
• Conduct security risk assessments and oversee the implementation of mitigation strategies.
• Manage third-party security assessments, ensuring vendors comply with organizational security standards.

Key Performance Indicators

• Incident Response: Achieve reduced Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Regulatory Compliance: Maintain full compliance with applicable security and data protection standards.
• Operational Resilience: Minimize security-driven downtime and service disruptions.
• Risk Mitigation: Decrease vulnerabilities and improve patch management effectiveness.
• Security Culture: Enhance participation in security awareness and phishing simulation programs.

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Security, or a related field; a Master’s degree is an advantage.
• Professional certifications such as CISSP or CISM are required.
• At least 15 years of experience in a senior cybersecurity or IT security leadership role, preferably within a regulated industry.
• In-depth understanding of cybersecurity frameworks, governance standards, and data protection regulations.
• Proven expertise in security operations, threat management, and compliance with frameworks like COBIT, ITIL, PCI DSS, and NIST.
• Strong knowledge of ITSM processes, particularly in incident, problem, and change management.
• Demonstrated ability to lead teams, manage stakeholders, and communicate effectively at all organizational levels.
• Experience in risk assessment, audit processes, and implementing enterprise-wide security strategies.

Core Competencies

• Strategic and analytical thinking
• Leadership and people management
• Effective communication and stakeholder engagement
• Risk management and incident response
• Problem-solving and decision-making
• Project and budget management

Technical Expertise

Hands-on experience with advanced cybersecurity technologies, including:

• Next-Generation Firewalls and Web Application Firewalls
• Intrusion Prevention Systems (IPS) and DDoS protection
• Endpoint and Data Loss Prevention solutions
• Database activity monitoring and encryption tools
• Identity and Access Management (IAM) and Privileged Access Management (PAM)
• Patch and Vulnerability Management systems
• Cloud and SaaS security controls
• Security Information and Event Management (SIEM)
• Security Orchestration, Automation, and Response (SOAR) systems