Group Head of IT Security

• Set the overall direction by formulating and executing a comprehensive Group IT Security strategy for the Group (including regional offices), ensuring a secure, resilient, and risk minimised IT environment that supports business objectives and complies with all applicable regulatory, legal and industry requirements.
  
• The role is accountable for Group wide cyber security governance, technology controls, incident readiness, and security culture, while providing strategic advisory to the Board, senior management and regulators.
  

• Define, own and continuously evolve the Group IT Security strategy, roadmap, and target maturity model, aligned with business priorities and regulatory expectations.
  
• Provide independent, strategic IT security and risk advisory to the Group CTO, Senior Management, Board and relevant committees to enable informed risk based decisions.
  
• Establish, maintain and enforce Group IT Security policies, standards, and frameworks, ensuring consistent adoption across Head Office and regional offices.
  
• Champion and cultivate a strong security and compliance culture across technology and business stakeholders.
  

• Network and perimeter security (firewalls, IPS, WAF, NAC)
  
• Endpoint and workload protection (EDR, XDR, anti malware)
  
• Identity and access management (IGA, SSO, PAM)
  
• Data protection (DLP, encryption, MDM)
  
• Threat detection and response platforms (SIEM, SOAR)
  

• Accountable for IT Security budget planning and optimisation, ensuring effective use of CAPEX and OPEX to support strategic priorities.
  
• Maintain strong relationships with security principals, vendors, and partners to stay abreast of emerging threats, technologies, and industry trends.
  
• Lead resource planning, succession, and talent development, building a high performing and future ready IT Security organisation.
  

Requirements

• Master’s Degree or Bachelor’s Degree in Computer Science, Information Technology, or related discipline
  
• Professional certifications (strongly preferred): CISSP, CISM, CISA, ISMS or Information Security Management related certification.
  
• Minimum 10 – 15 years of IT / Information Security experience.
  
• At least 10 years in a senior leadership or management role overseeing enterprise wide security functions.
  
• Proven experience engaging Boards, regulators, and senior executives on technology risk and cyber security matters.
  
• Strong enterprise level understanding of IT security, cyber risk, and regulatory compliance.
  
• Excellent leadership, stakeholder management, and communication skills.
  
• Strong analytical, decision making, and problem solving capabilities.
  
• Ability to balance security, compliance, and business enablement in a complex, regulated environment.