Associate Director - Cyber Security

The Head of Cyber Security is responsible for leading and managing the organization’s cybersecurity strategy, governance, risk management, and operational security functions. This role ensures the security of IT infrastructure, applications, and data across the wholesale business while aligning cybersecurity initiatives with business objectives. The role also oversees compliance with regulatory requirements and industry best practices to mitigate cybersecurity risks.

Key Responsibilities:

1. IT Governance & Risk Program Management

• Develop and implement cybersecurity policies, standards, and guidelines to align with business needs and regulatory requirements.
• Lead enterprise-wide risk assessment and mitigation strategies to ensure cybersecurity resilience.
• Establish a cybersecurity governance framework, ensuring adherence to compliance requirements (e.g., ISO 27001, NIST, GDPR, PDPA).
• Manage third-party security risks, including vendor security assessments and contractual compliance.

2. Security Architecture & Engineering

• Design and implement robust security architectures to protect the organization's IT assets and digital infrastructure.
• Work closely with IT teams to integrate security into cloud environments, network systems, and enterprise applications.
• Oversee vulnerability management, penetration testing, and secure software development lifecycle (SDLC) practices.

3. Identity & Access Management (IAM)

• Develop and manage IAM strategies, ensuring appropriate user access controls and authentication mechanisms.
• Oversee Privileged Access Management (PAM) and Single Sign-On (SSO) solutions to strengthen security posture.
• Ensure role-based access control (RBAC) and least privilege principles are enforced across systems.

4. Security Operations Center (SOC) & Cyber Defense

• Lead the Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity threats in real time.
• Oversee incident response, forensic investigations, and cyber threat intelligence initiatives.
• Implement advanced security analytics, Security Information and Event Management (SIEM), and threat-hunting capabilities.
• Develop and execute cybersecurity awareness training programs for employees

Requirements

• Bachelor’s or Master’s degree in Computer Engineering, Computer Science, MIS, Information Security or IT related field Knowledge in Cyber Offense, Cyber Defense, Security Advisory, Cyber risk management10+ years of experience in cybersecurity, with at least 5 years in a leadership role.
• Strong understanding of cybersecurity frameworks, compliance requirements, and risk management principles.
• Hands-on experience with security technologies such as firewalls, IDS/IPS, SIEM, endpoint protection, and cloud security.
• Industry certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 or equivalent are highly preferred.
• Experience in the wholesale, retail, or supply chain industry is an advantage.
• Strong leadership, communication, and stakeholder management skills.