Head of Information Security-Karachi

By Human Resource Solutions International (HRSI), Karachi for A leading E & P Company                                                                                  Qualification:

• Information Security/Cyber Security/Engineering (Electrical/Electronics/Telecom/Computer/System/Software/)/Computer Science/IT OR M.Sc. (Computer Science)/MS Information Security/ Cyber Security/MCS/MIT. Degree must be recognized from HEC/PEC. CISSP/CISM is mandatory, candidates possessing relevant advanced certifications like CISA, CRISC, CEH, ISO/IEC 27001 Lead Implementer/Auditor will be preferred

Experience:

• At least 14 years of relevant experience in information technology and cyber security preferably having prior experience of heading an Information Security Function along with OT infrastructure

Duties & Responsibilities:

• Lead the enterprise-wide cyber security and industrial control systems (ICS/OT) security strategy.
• Responsible for ensuring the confidentiality, integrity, and availability of IT and OT assets.
• Develop and implement cyber security & OT security strategy covering IT/OT Infrastructure, aligned with the business, operational, and regulatory objectives. Build /enhance Security Operations Center (SOC) to support 24/7 incident detection and response.
• Lead enterprise-wide implementation of cyber security governance frameworks, policies and control mechanisms.
• Identify and prioritize protection of Critical Information Infrastructure (CII).
• Develop a real-time threat intelligence and monitoring capability. Lead the organizations Disaster Recovery (DR) and Business Continuity Planning (BCP) as per global standards.
• Present cyber security posture, risks, and investment requirements to the top management. Establish and maintain ISMS in line with ISO/IEC 27001:2022 and risk assessments per ISO 31000.
• Develop and test Cyber Incident Response Plans (CIRP).
• Drive Cyber security awareness and training programs specific to IT/OT cyber risks. Develop and enforce network segmentation and access controls between IT and OT environments.