
TOPPAN ECQUARIA PTE. LTD.

Assistant Chief Information Security Officer (ACISO)

  • Posted 26 days ago
8-11 Years
SGD 9,000 - 12,000 per month

Job Description

Strategic Security Leadership

  • Lead, define and execute the organization's information security strategy, policies, and governance frameworks.
  • Participate and provide regular updates in executive meetings and security-related board discussions.
  • Evaluate and recommend new security technologies, processes, and solutions.

Risk Management & Compliance

  • Oversee risk assessments, security audits, and penetration testing activities.
  • Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
  • Develop and maintain risk registers, ensuring timely mitigation and remediation actions.

Incident Response & Threat Management

  • Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
  • Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
  • Monitor the threat landscape and ensure proactive measures against potential attacks.

Security Operations Oversight

  • Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
  • Oversee access control, data protection, and identity management programs.
  • Collaborate with project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
  • Liaise with external vendors for source code scanning, penetration, vulnerability and security testing.
  • Work with QA teams to test for vulnerabilities in projects.
  • Conduct security audits and reviews for projects.
  • Recommend solutions to fix security issues.

Awareness & Training

  • Drive organization-wide security awareness programs and phishing simulations.
  • Provide guidance and mentorship to security and IT staff.
  • Promote a culture of security across business units.

Requirements

Educational & Professional Qualifications:

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.

Experience & Skills:

  • Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
  • Experience with cloud security (AWS, Azure, GCP), network security, and application security.
  • Demonstrated experience in incident response, threat intelligence, and security governance.
  • Proven experience in application and system vulnerability assessments.
  • Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
  • Familiarity with security tools and testing frameworks.
  • Strong understanding of cybersecurity principles and best practices.
  • Experience conducting security audits and reviews for various projects.
  • Ability to analyze security issues and recommend effective solutions.
  • Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
  • Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.

More Info

Industry: Other

Function: Information Security

Job Type: Permanent Job

Date Posted: 04/09/2025

Job ID: 125488777

Last Updated: 04-09-2025 09:18:59 PM