head of information security | 30k-40k myr.

This role will be responsible for shaping security strategy, implementing best-practice security frameworks, and ensuring robust protection of systems, infrastructure, and data across the organisation. The successful candidate will work closely with IT, software engineering, and high-performance computing (HPC) teams to embed security across all operational layers.

The position also plays a key role in translating cybersecurity risks and concepts into clear business insights, ensuring alignment between security initiatives and business priorities.

Key Responsibilities
• Lead the organisation’s cybersecurity program and ensure alignment between security strategy and business objectives
• Design and implement security policies, procedures, and technical solutions aligned with industry frameworks and best practices
• Own the ISO 27001 implementation, compliance, and continuous improvement process
• Manage and operate the organisation’s SIEM platform (Wazuh) and conduct regular security audits across systems, networks, and authentication environments
• Oversee vulnerability management, patching processes, and security scanning using tools such as OpenVAS or Nessus
• Act as the primary liaison for third-party security audits and compliance activities
• Provide security briefings and technical discussions with enterprise customers and partners
• Support security integration for cloud and infrastructure solutions
• Provide strategic guidance on cybersecurity governance, policies, and regulatory requirements
• Contribute to business continuity and disaster recovery planning to ensure organisational resilience
• Monitor and report on the organisation’s risk posture, security initiatives, and incident trends
• Lead and coordinate incident response processes across internal teams
• Ensure robust vendor risk management processes are applied across the organisation

Requirements
• Minimum 10 years of experience in information security, IT security, or security management roles
• Strong knowledge of security frameworks such as ISO 27001, NIST, and industry best practices
• Hands-on experience securing Linux-based environments
• Experience with threat detection, vulnerability management, and incident response
• Strong understanding of firewalls, IDS/IPS, endpoint security, and security monitoring tools
• Proven ability to design, implement, and enforce organisational security policies
• Strong communication skills with the ability to translate technical security concepts to business stakeholders
• Experience delivering security awareness training and stakeholder engagement

Desirable Experience
• Exposure to DevSecOps environments, CI/CD pipelines, Terraform, or Kubernetes
• Experience working with Next-Generation Firewalls (e.g., Palo Alto)
• Experience in cloud, infrastructure, or high-performance computing environments

Why Apply?
• Opportunity to shape and lead cybersecurity strategy in a global technology environment
• Work closely with engineering, infrastructure, and cloud teams on complex technical systems
• Play a strategic role in strengthening organisational cyber resilience and governance