About the Role:
We are seeking a Head of Information Security and Data Privacy who will lead the following:
1) Information security at the enterprise level, encompassing both application security and cloud security
2) Certification compliance for standards such as ISO, SOC, and PCI DSS
3) Data privacy: GDPR and CCPA readiness and compliance
Key Objectives and Responsibilities:
Cloud Security: Design, implement, and manage security measures for cloud-based infrastructure, ensuring the confidentiality, integrity, and availability of data.
Conduct regular security assessments and audits of cloud environments to identify and remediate vulnerabilities.
Collaborate with cross-functional teams to integrate security best practices into cloud-based solutions.
Application Security: Develop and implement strategies for securing applications throughout the software development lifecycle (SDLC).
Conduct code reviews and provide guidance to development teams on secure coding practices.
Perform application security assessments, penetration testing, and vulnerability assessments.
Identity and Access Management (IAM):
Incident Response and Threat Detection: Develop and implement incident response plans for cloud environments and applications.
Monitor and analyze security logs to detect and respond to security incidents in a timely manner.
Security Compliance:
Ensure compliance with industry standards and regulations related to cloud security and application security.
Work with internal and external auditors to demonstrate compliance with security policies and procedures.
Security Automation: Implement and maintain security automation tools and scripts to streamline security processes.
Identify opportunities for automation to enhance the efficiency and effectiveness of security operations.
Data Privacy: Lead and oversee the implementation and maintenance of GDPR and CCPA compliance programs.
Conduct thorough assessments to ensure alignment with the regulatory requirements and address any gaps.
Conduct Privacy Impact Assessments (PIAs) to identify and address potential privacy risks associated with data processing activities.
Provide recommendations for mitigating privacy risks and ensuring compliance with regulations.
Education & Work Experience:
- 18+ years of experience.
- Experience with a global footprint.
- Proven expertise in developing and implementing enterprise strategies and programs for the effective management of information and technology risks.
- Familiarity with common information security management frameworks, including ISO/IEC 27001 and NIST.