Job Description
The Cyber Security Strategy Senior Specialist is responsible for developing, implementing, and continuously enhancing the organization’s cyber security strategy. This role involves aligning cyber security initiatives with business objectives, ensuring comprehensive protection against cyber threats, and fostering a culture of security awareness. The Senior Specialist will act as a key advisor to the executive leadership team, providing expert guidance on emerging threats, regulatory requirements, and industry best practices.
Responsibilities
- Cyber Security Strategy Development: Lead the development of a comprehensive cyber security strategy that aligns with the organization’s goals and risk appetite. Define and maintain the cyber security roadmap, ensuring that it evolves to address new threats and technological advancements.
- Risk Management & Compliance: Oversee the identification, assessment, and prioritization of cyber risks across the organization. Ensure compliance with relevant regulatory requirements, standards, and frameworks such as ISO 27001, NIST, GDPR, and others. Develop and enforce policies, procedures, and controls to mitigate identified risks.
- Cyber Threat Intelligence: Monitor the global threat landscape to anticipate and respond to emerging cyber threats. Collaborate with the cyber threat intelligence team to analyze threat data and provide strategic guidance on threat mitigation. Communicate threat intelligence insights to stakeholders, including executives, to inform decision-making.
- Security Architecture & Innovation: Provide guidance on the design and implementation of secure architecture to protect critical assets. Promote the adoption of innovative security technologies and practices that enhance the organization’s defensive posture. Evaluate and recommend security tools, technologies, and services to support the cyber security strategy.
- Incident Response & Management: Act as a senior advisor during significant security incidents, guiding the response and recovery efforts. Review and refine the incident response plan to ensure it is effective and aligned with the broader security strategy. Lead post-incident reviews to identify lessons learned and drive continuous improvement.
- Stakeholder Engagement & Communication: Build strong relationships with key stakeholders across the organization to ensure cyber security is integrated into business processes. Develop and deliver executive-level presentations on cyber security risks, strategies, and initiatives. Foster a culture of security awareness through targeted training programs and communications.
- Team Leadership & Development: Mentor and develop junior members of the cyber security team, providing guidance on career development and technical skills. Coordinate with other departments to ensure a cohesive approach to cyber security across the organization. Lead cross-functional teams in the execution of strategic cyber security initiatives.
Desired Candidate Profile
- Education: Bachelor’s degree in Computer Science, Information Security, or a related field. A master’s degree is preferred.
- Experience: Minimum of 9-15 years of experience in cyber security, with at least 5 years in a strategy-focused role. Proven experience in developing and executing cyber security strategies in a large, complex organization. Strong background in risk management, compliance, and security architecture.
- Certifications: Certified Information Systems Security Professional (CISSP) – Required. Certified Information Security Manager (CISM) – Preferred. Certified in Risk and Information Systems Control (CRISC) – Preferred. Other relevant certifications (e.g., CISA, CEH, TOGAF) are a plus.
Skills & Competencies:
- Strategic Thinking: Ability to develop long-term strategies that align with business goals and anticipate future threats.
- Risk Management: Expertise in identifying, assessing, and mitigating cyber risks across an organization.
- Technical Knowledge: In-depth understanding of security technologies, architectures, and best practices.
- Communication: Strong written and verbal communication skills, with the ability to convey complex security concepts to non-technical audiences.
- Leadership: Demonstrated leadership skills, including the ability to influence senior management and lead cross-functional teams.
- Problem Solving: Strong analytical and problem-solving skills, with a focus on finding effective solutions to complex security challenges.
- Adaptability: Ability to thrive in a fast-paced, changing environment and manage multiple priorities.
Key Performance Indicators (KPIs): IT Strategy, IT Governance, ISMS
- Deep knowledge of and wide expertise in strategic management, with experience of information security management frameworks (industry and regulatory governing bodies' standards such as PCI-DSS, NIST, SOX, ISO 27001:2013, ISO 31000)
- CRISC, CISM, CISA, CISSP, PMI-RMP will be preferred
- Good communication skills