What's the role about

We're looking for an experienced Head of Information Security who will be leading and managing all aspects of information security and security engagements, such application security, information security, compliance, incident response, vendor management and others.

What you’ll be doing

• Developing and managing security compliance metrics and reporting for technical and non-technical stakeholders
• Directing multiple Information Security functions in support of a business to ensure that all applications, infrastructure, procedures, contracts, and services comply with rules and regulations, internal standards and policies for information security
• Identifying and recommending changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels and show ownership in following through implementation
• Serving in leadership role for security strategy, initiatives and activities and as a leader for teams investigating and addressing various security and privacy issues
• Working with auditors, vendors, partners and customers to support and expand security scope, certification and obligations
• Team management

What you’ll need to be successful in the role

• Solid experience in Information Security with progressive growth in roles and responsibilities
• Must possess demonstrated capabilities across Information Technology, Information Security, and Risk Management
• Intimate knowledge of Information Security industry standards/best practices and relevant regulations (e.g., NIST, CSA, ISO, PCI DSS)
• Successfully certified to PCI DSS, SOC 2 and/or ISO27001 certifications in the past 
• Hands on managerial & leadership experience
• Be able to work creatively and analytically in a problem-solving environment. An Innovative and strategic driven mindset.
• Strong communication skills, being able to work effectively with staff and colleagues across all departments.
• Experience with hardening of IT and production (on-premise, cloud) infrastructure
• Security engineering background is highly beneficial

Desired Skills:

• Experience in building security processes and controls according to world-wide security standards
• Technical skills relevant to Information Security such as secure coding standards (ASVS, OWASP, SANS top 20 etc), ethical hacking techniques (CEH), network security, and ISO / NIST risk analysis
• Strong presentation and organisation skills
• CISM, CISSP, CSSLP