Description:
Al Ramz Corporation P.J.S.C. is seeking a Senior IT Security Lead to join our growing team.
This role is responsible for designing and overseeing an enterprise-wide cybersecurity program that protects the organization’s systems, applications, and sensitive data in alignment with regulatory and industry best practices.
The role leads SOC operations, security incident response, and policy enforcement, working closely with IT and business teams to embed security controls across all technology and operational processes.
Key Responsibilities:
1. Security Architecture & Infrastructure Management
- Lead the design and governance of security architecture across on‑premises, cloud, and hybrid environments.
- Oversee the deployment, configuration, and lifecycle management of security technologies including firewalls, WAF, IDS/IPS, endpoint protection, encryption, MFA, NAC, and secure remote access.
- Establish and enforce secure baseline configurations for servers, applications, network devices, and endpoints.
- Review and govern identity and access management (IAM), RBAC, privileged access, and least‑privilege models.
- Provide escalation support for complex security issues and act as the final technical authority for security decisions.
- Define security controls for new applications and services, including threat modelling and secure design reviews.
- Lead security aspects of business continuity and disaster recovery (BC/DR) planning and testing.
- Drive security automation initiatives to improve efficiency, scalability, and consistency of operations.
2. Threat Detection & Incident Response
- Architect and oversee advanced threat detection capabilities.
- Lead the end‑to‑end incident response lifecycle.
- Perform root cause analysis for major incidents and drive corrective and preventive actions.
- Conduct regular incident response drills and simulations to strengthen organizational readiness.
- Ensure accurate incident documentation, reporting, and lessons‑learned tracking.
3. Vulnerability & Risk Management
- Plan and oversee vulnerability assessments, penetration testing, and security testing across infrastructure, applications, APIs, and cloud services, and prioritize remediation activities based on risk, threat context, and business criticality.
- Track remediation SLAs and report risk posture, trends, and residual exposure to senior management.
- Maintain awareness of emerging threats and evolving attack techniques.
4. Security Governance, Operations, Policy & Compliance
- Review, implement, and maintain information security policies, standards, and procedures.
- Ensure compliance with regulatory and audit requirements.
- Support internal and external audits by maintaining documentation, evidence, and audit readiness.
- Oversee continuous security monitoring across SIEM, EDR, cloud platforms, and network security tools.
- Define and maintain security KPIs and operational metrics to measure effectiveness and maturity.
5. Security Awareness & Culture
- Lead organization‑wide security awareness and phishing resilience programs.
- Deliver role‑based security training for high‑risk user groups (developers, privileged users, executives).
- Promote a culture of “security by design” and shared accountability across the organization.
6. Project & Vendor Management
- Govern security‑related projects including new technology rollouts and platform upgrades.
- Enforce security requirements throughout project lifecycles, including design reviews, testing, and go‑live approvals.
- Ensure closure of all critical and high‑risk findings before production deployment.
- Manage third‑party vendors, MSSPs, consultants, and auditors, ensuring contractual security obligations are met.
7. Policies & Procedures Champion
- IT Access Management Policy and Procedure.
- Data Classification Policy and Procedure.
- IT Information Security Policies and Procedures.
- IT Business Continuity and Disaster Recovery Policy.
- IT Patch Management Policy and Procedure.
Qualifications and experience:
- Bachelor’s or Master’s degree in Computer Science, Information Security, or Cybersecurity.
- Minimum twelve (12) years of experience in all aspects of IT Security and Information Security administration and management.
- Certifications:
- CISSP – Certified Information Systems Security Professional (MUST)
- OSCP/OSCE – Offensive Security Certified Professional / Expert
- CISM – Certified Information Security Manager