Role Brief: We are seeking a ‘Senior Cyber Security Lead’ with at least 10 years of experience in the cybersecurity domain. The ideal candidate will have a deep understanding of and hands-on experience with various cybersecurity technologies, including but not limited to DSPM, FIM, CSPM & CNAPP, DAM, Email Security, Endpoint Protection, DLP, Web Proxy, Privileged Access Management, Identity & Access Management (IAM), Identity Protection, and CASB. This role requires a strong technical background combined with strategic thinking and excellent communication skills to guide and support internal teams and the business in mitigating risks and securing enterprise environments.
Key Responsibilities:
Cybersecurity Consulting & Advisory:
- Provide expert guidance on best practices for implementing and optimizing security technologies such as DSPM, FIM, CSPM, CNAPP, DAM, and other security technologies to improve security posture.
Design & Architecture:
- Design and architect security solutions tailored to client needs, ensuring the integration of solutions such as Email Security, Endpoint Protection, DLP, Web Proxy, IAM, and CASB.
Security Assessment & Risk Management:
- Conduct thorough security assessments to identify potential vulnerabilities and gaps in security architecture, with a focus on developing and implementing risk mitigation strategies.
Audit & Compliance:
- Create, implement, and maintain security policies, standards, and procedures in line with industry best practices and compliance requirements. Oversee compliance with regulations such as GDPR, ISO 27001, and PCI-DSS, conducting audits and assessments. Maintain detailed documentation of security architectures, policies, and incident response procedures.
Incident Response & Threat Detection:
- Advise on the design of incident response strategies and solutions to detect and respond to security incidents across a variety of technologies.
Collaboration & Integration:
- Collaborate with IT, development, and business teams to integrate security into all phases of system and application lifecycles. Advocate for security practices within the DevOps process, including secure coding and automated security testing. Coordinate with security vendors and service providers to evaluate and implement new security products and services.
Continuous Improvement:
- Stay updated with the latest security trends and technologies, evaluating their applicability to the organization’s needs. Continuously review and improve security processes and controls to address emerging threats and improve efficiency. Develop and track key performance indicators (KPIs) for security operations, providing regular reports to senior management.
Documentation & Reporting:
- Develop detailed documentation of assessments, security architectures, incident response plans, and recommendations and continuous enhancements in the technologies handled. Provide regular reporting on progress, challenges, and solutions.
Required Skills & Qualifications:
Experience:
- At least 10 years of experience in the cybersecurity field with a strong emphasis on implementing and managing security technologies such as DSPM, FIM, CSPM, CNAPP, DAM, Email Security, Endpoint Protection, DLP, Web Proxy, IAM, Identity Protection, and CASB.
- Proven track record of successfully consulting, designing, and deploying enterprise-level security solutions.
- Expertise in securing end-user devices, networks, applications, and data across on-premises and cloud environments.
Preferred Technical Expertise:
- In-depth knowledge of Identity and Access Management (IAM), including technologies such as Active Directory, SSO, MFA, and Identity Protection solutions.
- Strong experience in Data Loss Prevention (DLP) technologies and strategies for protecting sensitive information across endpoints, networks, and cloud services.
- Experience with Database Activity Monitoring (DAM) tools to ensure proper data governance and security across critical databases.
- Expertise in Web Proxy and Endpoint Protection solutions (e.g., Symantec, CrowdStrike, or Carbon Black).
- Strong familiarity with CSPM (Cloud Security Posture Management) and CNAPP (Cloud Native Application Protection) tools for securing cloud applications and workloads.
- Experience with Data Security Posture Management (DSPM) tools to ensure proper data governance and security across cloud environments.
- Experience with Security Information and Event Management (SIEM) tools for monitoring, logging, and responding to security incidents.
- Experience with File Integrity Monitoring tools to protect critical files, ensure compliance, and detect malicious activity.
- Experience with CASB solutions to monitor and enforce security policies as users access cloud resources.
- Expertise in Email Security solutions such as Mimecast and MS EOP.
- Expertise in Privileged Access Management solutions such as Arcos and BeyondTrust.
- Experience with cloud security, especially in multi-cloud environments (Oracle, Azure, GCP), and the implementation of security controls for cloud workloads.
Skills & Competencies:
- Strong problem-solving and analytical skills with the ability to develop effective security strategies.
- Excellent communication skills (both written and verbal) to interact with clients, technical teams, and senior stakeholders.
- Ability to manage multiple projects simultaneously and meet deadlines in a fast-paced environment.
- Proven ability to articulate complex security concepts to non-technical stakeholders and decision-makers.
Preferred Qualifications:
- Relevant industry certifications such as CISSP, CISM, CISA, CEH, or CISSP-ISSAP are highly desirable.
- Cloud certifications (e.g., AWS Certified Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer) would be a plus.
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
- At least 10 years of experience in a similar role.
- In-depth knowledge of security frameworks and standards such as NIST and ISO 27001.