In a Nutshell:
Gaditek is headhunting an experienced veteran of Information Security to crown the throne of Head of InfoSec in our Cyber Security division.
In this role, you will have the opportunity to directly drive, lead, and contribute to business-critical projects across Infrastructure, Applications, and Gateways. You will be accountable for establishing a unified enterprise security architecture to secure information assets, services, and the products that depend on them. Additionally, you will be responsible for building trust with customers and stakeholders and protecting the privacy of customers and employees. As the Head of the Information Security team, you will report to the Head of Engineering & CTO.
Once you are here, you will:
- Lead the design of comprehensive security and privacy framework, policies, and technologies to ensure a robust Cyber Security posture while upholding productivity and maintaining the lowest cost structure.
- Build a team of “techies” who are passionate about opensource tools & services and love to fidget with technologies to create robust, customized, highly scalable systems.
- Research and implement enhanced technologies, as they emerge to ensure our offering to the global client base remains top of the line.
- Work with all stakeholders to implement application security & cloud security technologies and best practices by determining security requirements and proposing solutions that balance business requirements with information and Cyber Security requirements.
- Devise and implement access controls, audit framework, technology and processes across our global infrastructure in over 55 countries.
- Clear periodic security & privacy audit from a reputed Big 4 firm’s North American offices.
- Ensure best security hygiene, practices and privacy-by-design systems such as Cloud document & collaboration suite and IAA systems
- Take a hands-on approach with SIEM/IDS/IPS and associated systems, to ensure proactive defense against our global public facing infrastructure.
- Take a hands-on approach with the Next Gen Firewall, DLP and associated systems.
- Assist in guiding, prioritizing, and measuring our efforts in achieving and maintaining onsite and cloud security.
- Perform internal cloud services security reviews and recommending changes or enhancements for identified security design gaps in existing and proposed architectures.
- Align security standards, frameworks and policies with overall business and technology strategy. Driving organization towards certifications such as ISO 27001/ others
- Design and build prototype security solutions, including security-specific test cases.
- Perform and facilitate security reviews and threat modeling exercises, identifying attack vectors that may be used to exploit cloud services and working collaboratively to remediate.
- Drive on-going security testing for vulnerabilities utilizing both automated and manual testing tools.
- Identify and communicate current and emerging onsite and cloud security threats, including specifying requirements and controls to mitigate threats as they emerge.
- Assist with Incident Response as required and contributing to GDPR breach notification efforts.
- Work cross-departments to identify and implement GDPR requirements, related to cloud services offerings.
What does GADITEK offer you?
GADITEK is a new age technology company that is focused on just one thing: keeping you relevant in the market. We work hard. Harder than most other places of work in the same hours. But we also purposefully find ways to allow our teams to enjoy work together. As a result, we’re among the best companies to work for in Pakistan with a plethora of benefits and an amazing culture.
Working with us, you will never have to worry about being left behind in the market or losing your market value. You will always remain market competitive, work on challenging new projects that require you to put your knowledge and experience to create amazing solutions that you’re proud of and which help us go to new places.
- Minimum Bachelor's degree. A Master's degree in Computer Science or Cybersecurity is a plus.
- 2+ years Technical leadership experience in the software security field including customer interfacing
- Minimum 6+ years familiarity with Cloud-based applications, server-based software, mobile applications and embedded software
- Minimum 5+ years with incorporating cybersecurity into software development processes and programs
- Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP
- Background in systems engineering
- Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
- Understanding of security by design principles and architecture level security concepts
- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
- Excellent communication and leadership skills