Key Competencies:

• Information Security Governance: Advanced knowledge of security frameworks, policies, and strategic integration of security with business operations. Strong understanding of cyber resilience principles.
• Regulatory & Standards Expertise: Comprehensive understanding of data protection laws, international security standards (ISO), and industry regulations. Ability to interpret and apply evolving requirements.
• Technical Security Knowledge: Proficiency in assessing system security configurations, network architecture, and control implementations. Deep understanding of security best practices.
• Security Assessment: Expert capability in conducting security assessments and compliance reviews. Strong analytical skills in control effectiveness evaluation.
• GRC Technology: Advanced knowledge of GRC platforms and automation solutions. Expertise in optimizing compliance monitoring and reporting processes.
• Control Framework: Deep understanding of control validation procedures and attestation processes. Knowledge of control documentation best practices.
• Third-Party Security: Expert knowledge of vendor security assessment methodologies and supply chain risk management principles.
• Strategic Communication: Strong ability to articulate complex security concepts to various stakeholders. Excellence in security status reporting and presentation.
• Audit Management: In-depth knowledge of external audit and certification processes. Strong understanding of audit evidence requirements and remediation approaches.
• Policy Architecture: Expert understanding of control frameworks and their relationship to organizational policies. Proficiency in mapping security requirements to operational controls.

Core Responsibilities:

• Information Security Governance: Develop and oversee security frameworks, policies, and procedures aligned with business objectives. Integrate security strategy with operations to maintain business continuity and cyber resilience.
• Regulatory & Standards Management: Ensure adherence to data protection laws, international security standards (ISO), and industry regulations. Monitor evolving requirements and update security practices accordingly.
• Technical Security Oversight: Assess and validate system security configurations, network architecture, and control implementations against security requirements and industry best practices.
• Security Assurance: Lead internal security assessments and compliance reviews. Evaluate control effectiveness and drive continuous improvement initiatives.
• Technology & Process Optimization: Implement and manage GRC platforms and automation solutions to enhance compliance monitoring and reporting efficiency.
• Control Management: Design and maintain control validation procedures, ensuring proper documentation and attestation from control owners.
• Third-Party Risk Management: Develop and execute vendor security assessment programs. Evaluate and monitor external partner security postures to manage supply chain risks.
• Stakeholder Management: Deliver regular status updates to GRC leadership on security posture and program effectiveness. Drive clear communication channels with key stakeholders.
• Audit Coordination: Support external audit engagements and certification processes. Partner with auditors and internal teams to facilitate successful outcomes.
• Policy Framework Administration: Maintain unified control framework mapping security requirements to organizational policies. Establish clear relationships between policies, standards, and operational controls.

Education & Professional Certifications:

· Advanced degree in Computing/Technology field (Bachelor's/Master's in Computer Science or related)

· Governance, Risk & Compliance certification (ISC2 GRC)

· CISSP (Certified Information Security Professional)

· CISA (Certified Information Systems Auditor)

· Security Controls Framework certification (SANS SEC566)

· OSCP (Offensive Security Certified Professional)