Assistant Chief Information Security Officer (ACISO)
TOPPAN Ecquaria Pte. Ltd.

Job Description
Strategic Security Leadership:
- Lead, define and execute the organisation's information security strategy, policies and governance frameworks.
- Participate in, and provide regular updates at, executive meetings and security-related board discussions.
- Evaluate and recommend new security technologies, processes, and solutions.

Risk Management & Compliance:
- Oversee risk assessments, security audits, and penetration testing activities.
- Ensure compliance with relevant industry standards (e.g. ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g. GDPR, PDPA, HIPAA).
- Develop and maintain risk registers, ensuring timely mitigation and remediation actions.

Incident Response & Threat Management:
- Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
- Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
- Monitor the threat landscape and ensure proactive measures against potential attacks.

Security Operations Oversight:
- Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
- Oversee access control, data protection, and identity management programs.
- Collaborate with project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
- Liaise with external vendors for source code scanning, penetration, vulnerability and security testing.
- Work with QA teams to test for vulnerabilities in projects.
- Conduct security audits and reviews for projects.
- Recommend solutions to fix security issues.

Awareness & Training:
- Drive organisation-wide security awareness programs and phishing simulations.
- Provide guidance and mentorship to security and IT staff.
- Promote a culture of security across business units.
Job Requirements
Educational & Professional Qualifications:
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.

Experience & Skills:
- Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
- Experience with cloud security (AWS, Azure, GCP), network security, and application security.
- Demonstrated experience in incident response, threat intelligence, and security governance.
- Proven experience in application and system vulnerability assessments.
- Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
- Familiarity with security tools and testing frameworks.
- Strong understanding of cybersecurity principles and best practices.
- Experience conducting security audits and reviews for various projects.
- Ability to analyse security issues and recommend effective solutions.
- Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
- Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.
- Strong problem-solving skills and attention to detail.
- Ability to work collaboratively in a project environment.
- Up-to-date knowledge of emerging security threats and technology trends.
- Good documentation and report-writing skills.
Work Location