Total-TECH Co.
” The Job Description”
- Develop and execute the organization’s information security strategy aligned with business goals.
- Design, implement, and maintain enterprise-wide security programs, policies, and standards (NIST, CIS, ISO, COBIT frameworks).
- Lead incident response, threat intelligence, and business continuity planning efforts.
- Manage regulatory compliance, including GDPR, HIPAA, PCI-DSS, CCPA, and local data protection laws.
- Oversee third-party/vendor security assessments, cloud security, and identity & access management.
- Conduct risk assessments and provide actionable recommendations for security investments.
- Build and lead a high-performing security team, ensuring training, awareness, and skills development.
- Collaborate with executive leadership to translate technical risks into business impact for boards and stakeholders.
- Establish security governance, SOPs, and DOA frameworks, ensuring organizational adherence to best practices.
- Manage security budgets, procurement, and vendor evaluation.
- Stay abreast of the latest cybersecurity threats, technologies, and best practices to maintain organizational resilience.
Requirements:
- Education: Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Computer Engineering, Network Engineering, or related discipline.
Master’s degree preferred (Cybersecurity, IT Management, or MBA with technology focus). - Certifications (required/preferred): CISSP (Certified Information Systems Security Professional) – (ISC)²
CISM (Certified Information Security Manager) – ISACA. - CRISC (Certified in Risk and Information Systems Control).
- ISO/IEC 27001 Lead Implementer or Auditor.
- CGEIT (Certified in the Governance of Enterprise IT).
- Optional: CEH, GSEC, OSCP for technical credibility.
- Experience: 10–15 years in IT or cybersecurity roles, with 5–7+ years in leadership positions.
Proven track record in enterprise security program design, implementation, and governance. - Experience managing cross-functional teams and multiple cybersecurity domains.
- Skills & Competencies: Strategic mindset with ability to align cybersecurity with business objectives.
Strong executive communication skills for board and C-suite engagement. - Risk-based decision-making and prioritization in complex environments.
- Crisis leadership and ability to manage security incidents under pressure.
- Budget management and vendor evaluation expertise.
- Awareness of SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel) and endpoint security.
- Strong understanding of cloud security, identity/access management, and regulatory requirements.
“Core Competencies”
- Strategic Planning & Security Governance.
- Risk Management & Incident Response.
- Regulatory Compliance & Audit Readiness.
- Team Leadership & Talent Development.
- Communication & Stakeholder Management.
- Cybersecurity Program Development.
- Technology Evaluation & Implementation.
