Cybersecurity Strategist

Job Title

We are seeking a seasoned cybersecurity expert to spearhead our organization's global information security and risk management initiatives. As an Information Security Manager, you will lead the development and implementation of our comprehensive security program aligned with industry best practices.

Main Responsibilities

• You will design, execute, and continuously improve our global Information Security Program ensuring alignment with ISO 27001:2022 standards.
• As the Information Security Officer (ISO), you will be responsible for maintaining our ISO 27001:2022 certification, leading audits, gap analyses, and surveillance processes.
• You will define security policies, controls, and guidelines to mitigate risks and ensure regulatory compliance across geographies.
• Your role will involve leading and mentoring the Information Security Team providing support for internal users across all departments and locations.

Governance, Risk & Compliance

• You will own and operate the Information Security Risk Management Framework including regular risk assessments, control validation, vendor security reviews, and mitigation planning.
• As part of your responsibilities, you will lead and maintain Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Contingency Planning procedures.
• You will collaborate with legal, operations, and external consultants to ensure alignment with data privacy laws.

Security Operations & Technical Oversight

• You will manage Security Operations Center (SOC) functions either in-house or with third-party providers ensuring effective threat detection and incident response.
• Your role will involve overseeing Threat Intelligence, vulnerability management, and offensive security practices including regular penetration testing and red/blue team exercises.
• You will support the implementation of IAM/PAM policies and tools for access governance and least-privilege enforcement across systems.

Data Protection & Privacy

• You will define and enforce Data Loss Prevention (DLP) strategies to monitor and protect sensitive data across databases, endpoints, cloud, and SaaS platforms.
• Your role will involve driving data classification and privacy-by-design principles across systems and development workflows.

Training & Awareness

• You will develop and run a company-wide Security Awareness Program ensuring employees understand their roles in cybersecurity and compliance.
• Your role will involve conducting phishing simulations, internal campaigns, and role-based training to drive security culture across the organization.

Collaboration & Leadership

• You will partner with stakeholders to ensure alignment between support, device, and security policies.
• As the primary point of contact, you will handle all security incidents, regulatory inquiries, and audit responses.
• You will regularly report program status, information security risks, and KPIs to executive leadership.

---