Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, Engineering or a related field
Minimum of 10 years
CISSP, CISM, GIAC certifications
Deep understanding of the organization's strategic goals, core business processes, and risk tolerance to ensure security operations effectively support and protect business outcomes. This includes aligning security initiatives with enterprise priorities, understanding regulatory and compliance obligations, and recognizing the impact of cybersecurity risks on operational continuity and stakeholder trust.
Translate complex technical risks into business-relevant insights, collaborate with key stakeholders across functions, and enable secure digital transformation while maintaining agility and productivity across the organization.
People Development- Mentors and empowers team members covering both direct and indirect reports, fostering a culture of continuous learning and improvement.
Client-Centric Mindset- Balances strong security controls with minimal disruption to business operations and user experience.
Security Operations Management- Expertise in managing day-to-day security operations, including monitoring, detection, response, and recovery.
Threat and Vulnerability Management- Ability to identify, assess, and mitigate threats and vulnerabilities across systems, networks, and applications.
Incident Response and Crisis Management- Proficiency in leading incident handling, forensic investigation, escalation and communication during security events.
Security Architecture and Engineering Oversight- Understanding secure system design and ability to review and guide technical security architecture.
Regulatory and Standards Compliance- Knowledge of relevant laws, frameworks, and standards (e.g., ISO 27001, NIST, PCI-DSS, local regulations like BSP and NPC).
Risk Assessment and Mitigation- Competence in evaluating cyber risks, conducting impact analysis, and implementing appropriate controls.
Security Tools and Technologies Proficiency- Familiarity with various security solutions like SIEM, endpoint protection, firewalls, IDS/IPS, and other cybersecurity platforms.
Policy Development and Enforcement- Ability to draft, implement, and enforce information security policies and procedures across the organization
Metrics and Reporting- Skill in defining KPIs, tracking performance, and presenting security posture and risks to various stakeholders.
Third-Party and Supply Chain Security Oversight- Understanding of vendor risk management and securing external integrations.
