BOBCARD - Vice President/Assistant Vice President - Information Security

Vice President/Associate Vice President - Information Security

This position would include the mentioned set of responsibilities but not limited to:

- Develop and execute a comprehensive information security strategy, aligned with the organization's goals, to protect sensitive data and systems from cyber threats.

- Collaborate with senior management to integrate security best practices into the organization's overall strategy and operations.

- Oversee the development and implementation of risk management frameworks, including business continuity and disaster recovery plans.

- Identify, assess, and mitigate cybersecurity risks across all organizational levels.

- Establish and maintain the company's cybersecurity policies, standards, and procedures.

- Ensure the organization's cybersecurity practices comply with regulatory and local data protection laws

- Manage the company's security posture, including risk assessments, audits, and compliance initiatives

- Conduct regular risk assessments to identify potential security gaps and implement corrective actions

- Define and enforce a risk management framework to address emerging threats and vulnerabilities.

- Managing and monitoring SOC and drive cyber security related projects.

- Conduct and complete an annual review of required PCIDSS, ISO 27001 regulations and certification.

- Conducting risk assessment and security reviews of new applications and initiatives and recommendation to mitigate risk.

- Ensuring that periodic tests are conducted to evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/ systems/ networks as well as after any major incident

- Ensuring regulatory and non-regulatory compliance on IT Governance and Cyber Security within stipulated timelines

- Develop Information security awareness training and education program.

- Lead internal and external cybersecurity audits, reviews, and compliance reporting, while conducting security committee meetings and liaising with internal and external auditors on matters related to information security.

- Ensure personnel only have access to the sensitive information for which they have appropriate authority and clearance.

- Ensure controls in place against unauthorized access to workstations and related equipment.

- Set the access and authorization controls for everyday operations as well as emergency procedures for data.

- Implement automated and continuous monitoring of security incidents.

- Respond to cyber incidents in a timely manner.

- Implement Cyber capability index to identify cyber maturity and reporting the cyber health to regulators.

- Work closely with the legal and compliance teams to ensure adherence to industry regulations and standards.

- Stay up-to-date with the latest security trends, threats, and regulatory changes and adjust the security program accordingly.

Job Specific Skills:

Applicants should possess the following attributes:

- Extensive experience in information security leadership roles, with a proven track record of strategic planning and execution.

- Deep understanding of regulatory standards and frameworks, including PCIDSS, ISO 27001, GDPR, and others.

- Hands-on expertise in cybersecurity technologies such as SIEM, SOAR, UEBA, TIP, and advanced threat detection systems.

- Strong background in risk management, governance, and compliance across diverse IT environments.

- Familiarity with emerging technologies, including AI, ML, and blockchain, and their implications on cybersecurity.

- Exceptional communication skills with the ability to present complex security topics to executive leadership and stakeholders.