Head of Information Security & Enterprise Risk Management

About the job

Role Purpose

The Head of Information Security & Enterprise Risk Management is a senior executive responsible for designing, governing, and continuously strengthening an enterprise-wide cyber security, information risk, and technology risk framework across a complex, multi-business, multi-technology environment.

This role requires deep specialization in advanced cyber security architecture, global regulatory compliance, and large-scale risk governance.

Key Responsibilities

1. Enterprise Information Security Leadership

  • Design and own the enterprise-wide information security strategy, aligned with global standards and frameworks (ISO 27001, NIST CSF, COBIT) and with the evolving threat landscape
  • Establish and govern security architecture across on-premises, cloud, hybrid, OT, and IoT environments
  • Act as the final authority on cyber risk acceptance, escalation, and mitigation

2. Cyber Risk & Threat Management

  • Lead advanced cyber threat intelligence, attack simulation, and incident response programs
  • Oversee Security Operations Center (SOC) models, including SIEM, SOAR, threat hunting, and forensic investigations
  • Lead crisis response for major cyber incidents, ransomware events, or data breaches

3. Enterprise Risk Management (Technology & Digital Risk)

  • Integrate technology risk, cyber risk, data risk, and third-party risk into the broader ERM framework
  • Conduct quantitative cyber risk assessments (e.g., FAIR methodology)
  • Present risk scenarios and financial impact modeling to the Board and Executive Committee

4. Regulatory, Compliance & Governance

  • Ensure compliance with applicable global and cross-border regulations, standards, and frameworks, including:
    • GDPR (regulatory)
    • ISO 27001/27701 (certifiable management-system standards)
    • NIST CSF (framework) and PCI DSS (contractual industry standard)
    • Industry-specific cyber regulations (financial, infrastructure, utilities, real estate, etc.)
  • Lead internal and external audits related to information security and technology risk
  • Serve as the primary regulatory and auditor counterpart for cyber and IT risk matters

5. Third-Party & Supply Chain Risk

  • Establish governance for vendor cyber risk, cloud service providers, MSPs, and offshore partners
  • Oversee due diligence, contract security clauses, and continuous monitoring programs

6. Leadership & Capability Building

  • Build and mentor a highly specialized security and risk team (security architects, GRC experts, SOC analysts)
  • Develop long-term cyber capability uplift programs
  • Serve as trusted advisor to CEO, Board, and Group Executives

Required Qualifications (Highly Specialized)

Education

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or Engineering
  • Master's degree in Cybersecurity, Information Assurance, Risk Management, or a related field (strongly preferred)

Mandatory Global Certifications

Candidates must hold at least two of the following:

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO 27001 Lead Implementer / Lead Auditor
  • Cloud security certifications (CCSP, AWS Certified Security Specialty, Microsoft Azure Security Engineer Associate, or equivalent)

Experience Requirements

  • 15+ years of progressive experience in:
    • Information Security
    • Cyber Risk Management
    • Enterprise Technology Risk
  • At least 7 years, ideally 10, in a regional or global leadership role
  • Proven leadership across large, complex organizations (multi-entity, multi-system, multi-jurisdiction)

The role requires hands-on experience in:

  • Designing enterprise-scale cyber security programs across cloud, on-premises, hybrid, OT, and legacy systems
  • Leading major cyber incident response at enterprise or regional level
  • Implementing global security frameworks across multiple countries
  • Presenting cyber risk in financial and strategic terms to Boards
  • Managing cross-border data privacy and regulatory compliance

Behavioral & Leadership Competencies

  • Board-level gravitas and executive presence
  • Ability to translate deep technical risk into business language
  • Strong crisis leadership and decision-making under pressure
  • Proven mentor and builder of local capability