Head of Information Security
Posted: 5 days ago
Job Description
We are seeking an experienced and strategic Head of Information Security to lead the development, implementation, and continuous improvement of our enterprise-wide cybersecurity program. This role is responsible for protecting the confidentiality, integrity, and availability of our information assets, systems, and infrastructure across on-premises, cloud, and hybrid environments.
You will work closely with senior leadership and key business stakeholders to align cybersecurity initiatives with business objectives, regulatory requirements, and emerging threats.
Key Responsibilities
Cybersecurity Strategy & Governance
- Develop and execute the organization's cybersecurity strategy, aligned with business goals and risk appetite.
- Establish governance frameworks, security policies, standards, and procedures based on best practices (e.g., NIST, ISO 27001, CIS).
- Lead enterprise-wide cyber risk assessments and maturity evaluations to identify gaps and define mitigation roadmaps.
Security Operations & Incident Management
- Oversee day-to-day security operations, including monitoring, detection, threat intelligence, and incident response.
- Lead the response and recovery for security incidents, breaches, and forensic investigations.
- Ensure timely reporting and communication of significant threats or incidents to executive leadership and regulators (as required).
Compliance, Audit & Regulatory Engagement
- Ensure compliance with applicable regulatory and industry standards (e.g., PDPA, GDPR, PCI-DSS, ISO 27001).
- Serve as the point of contact for internal and external audits, regulators, and third-party assessments.
- Maintain a robust security awareness and training program across the organization.
Vendor & MSSP Management
- Manage and evaluate cybersecurity vendors, tools, and services to ensure alignment with security strategy and performance expectations.
- Oversee relationships with Managed Security Service Providers (MSSPs), ensuring service levels are met and threat intelligence, monitoring, and response services are effective.
- Conduct regular reviews of third-party performance, risk assessments, and contract compliance.
- Ensure third-party solutions and partners meet internal security and compliance standards.
Leadership & Team Management
- Build, lead, and mentor a high-performing cybersecurity team.
- Drive a security-first culture through stakeholder engagement, education, and proactive partnership.
- Define and manage the cybersecurity budget, resource planning, and capability development.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred).
- 12-15+ years of experience in cybersecurity, with at least 3 years in a senior leadership or head-of-function role.
- Experience in regulated industries (e.g. financial services, healthcare, government) is strongly preferred.
- Strong knowledge of enterprise security operations, identity & access management, data protection, SIEM/SOAR, and vulnerability management.
- Working knowledge of key frameworks and standards: NIST CSF, ISO 27001, MITRE ATT&CK, CIS Controls.
To apply:
If you're interested in applying or finding out more, please share your CV or reach out to Chen Yi at cy@kerryconsulting.com for a discussion. Due to the anticipated high volume of applications, we regret to inform you that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060
Job Application Tips
- Tailor your resume to highlight relevant experience for this position
- Write a compelling cover letter that addresses the specific requirements
- Research the company culture and values before applying
- Prepare examples of your work that demonstrate your skills
- Follow up on your application after a reasonable time period