Cyber Defense Lead
Indexed description
Responsibilities
VAPT (Vulnerability Assessment & Penetration Testing) Team Management:
- Lead, mentor, and manage a team of VAPT specialists, fostering a culture of continuous improvement and technical excellence.
- Develop, implement, and mature the VAPT program, including scope definition, methodology, tool selection, and reporting.
- Oversee the execution of regular vulnerability assessments and penetration tests across applications, infrastructure, and networks.
- Prioritize and track remediation efforts for identified vulnerabilities, collaborating with relevant teams to ensure timely resolution.
- Stay abreast of emerging threats, vulnerabilities, and attack techniques to enhance VAPT strategies.
- Establish and maintain robust security governance frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, internal compliance requirements).
- Lead and facilitate security audit assessments (internal and external), ensuring compliance with regulatory and organizational requirements.
- Manage and conduct OSP (Outsourced Service Provider) security reviews, including due diligence and ongoing monitoring of third-party security posture.
- Oversee the vendor security management program, assessing security risks posed by third-party vendors and ensuring appropriate controls are in place.
- Provide governance and oversight over the security posture of all security components and solutions deployed within the organization.
- Manage and optimize endpoint security solutions (e.g., EDR, antivirus), ensuring comprehensive protection across all devices.
- Oversee the lifecycle management of SSL/TLS certificates, ensuring timely renewals and proper implementation.
- Develop and implement strategies for data encryption across various systems and data at rest/in transit.
- Define and enforce hardening standards for operating systems, applications, and network devices.
- Manage and secure file sharing mechanisms, ensuring data integrity, confidentiality, and access control.
- Act as a primary security advisor to business units and technology teams, providing expert guidance on security best practices, risk mitigation, and architectural design.
- Contribute to the development and evolution of the overall security architecture, ensuring alignment with business objectives and threat landscape.
- Lead the security project office function, managing the lifecycle of security-related projects from initiation to closure.
- Define project scopes, objectives, resource requirements, timelines, and budgets for security initiatives.
- Monitor project progress, identify and mitigate risks, and ensure successful delivery of security projects.
- Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
- 8+ years of progressive experience in information security
- In-depth knowledge of security governance frameworks (ISO 27001, NIST, etc.) and experience with audit management.
- Strong understanding of system security principles, including endpoint security, encryption, hardening, and data protection.
- Experience in security architecture and providing security advisory services.
- Demonstrated success in managing security projects and programs.
- Relevant industry certifications such as CISSP, CISM, OSCP, CEH, or equivalent are highly desirable.
- Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
- Strong analytical and problem-solving abilities, with a keen eye for detail.
- Ability to work effectively in a fast-paced and dynamic environment.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search