Lead / Senior Lead (Cybersecurity)

As a Cybersecurity Lead, you will play a critical role in safeguarding our organization’s digital assets and ensuring the confidentiality, integrity, and availability of our information systems. You’ll lead a team of skilled professionals and collaborate with various departments to implement robust security measures.

MAJOR DUTIES & RESPONSIBILITIES

Strategy and Planning:

- Develop and execute a comprehensive cybersecurity strategy aligned with organizational goals.
- Identify potential risks and vulnerabilities and create mitigation plans.
- Stay up-to-date with industry trends and emerging threats.
- Recommend suitable enhancements to improve information cybersecurity performance.

Security Operations:

- Oversee day-to-day security operations, incident response, and threat detection.
- Manage security tools, including firewalls, intrusion detection/prevention systems, and antivirus software.
- Conduct regular security assessments and vulnerability scans.

Team Leadership:

- Lead and mentor a team of cybersecurity professionals.
- Delegate tasks, set performance goals, and provide regular feedback.
- Foster a collaborative and proactive security culture within the organization.

Policy and Compliance:

- Develop and enforce security policies, standards, and procedures.
- Ensure compliance with relevant regulations (e.g., PDPA, PCIDSS, etc).
- Good understanding of NIST framework and its implementation and compliance.
- Coordinate audits and assessments.

Risk Management:

- Assess and prioritize risks, considering business impact and likelihood.
- Implement risk mitigation strategies and monitor their effectiveness.
- Work closely with other departments to address security-related concerns.

Incident Response:

- Lead incident response efforts during security breaches or incidents.
- Coordinate with legal, IT, and communication teams to manage incidents effectively.
- Conduct post-incident analysis and implement improvements.

Collaboration:

- Conduct post-incident analysis and implement improvements.
- Collaborating with stakeholders to conduct governance, risk and critical systems controls assessment, compliance audit, and cyber resilience and disaster recovery.
- Working with internal stakeholders such as the network and system team for investigations and cybersecurity planning.
- Collaborating with external and internal parties on various cybersecurity initiatives.

JOB REQUIREMENTS
- Collaborating with external and internal parties on various cybersecurity initiatives.
- Bachelor’s degree in computer science, Information Security, or related field.
- Certifications: CISSP, CISM, or similar certifications are highly desirable.
- Experience: Minimum 5 years of experience in cybersecurity, including managerial roles.
- Possess strong technical and domain knowledge with experience in project management, cybersecurity threat monitoring, threat hunting, logs review, source code review and analysis, network security, machine learning, vulnerability assessment/penetration testing, compliance and cybersecurity risk management, network security, encryption, access controls, and security frameworks
- Excellent interpersonal, communication and leadership skills.