Technical Security Lead

Roles and responsibilities

• Develop a comprehensive threat assessment for multiple infrastructure projects, covering a wide range of scenarios, from petty crime to terrorism, identify and evaluate security threats, considering various factors such as location, type of property, and potential risks.
• Develop the security Strategy of the infrastructure projects with realistic and cost-effective strategies tailored to each client's unique needs.
• Assist in prioritizing security measures based on potential risks and operational requirements, while considering factors such as budget constraints and adaptability to future changes.
• Develop the mitigation measures plan, recommend appropriate security measures, including both physical and electronic solutions.
• Assist in estimating cost, coordination with clients, and adapting strategies to evolving security needs.
• Propose a variety of technical security solutions, including video surveillance, access control, intrusion detection, and communication systems. Collaborate with multidisciplinary design teams to integrate security systems with development infrastructure.
• Develop the physical security design concepts such as landscaping, and crime prevention through environmental design (CPTED).
• Provide support in project coordination, tender processes, compliance reviews, through the project lifecycle activities related to security implementation.
• Propose the latest security trends, and innovative technologies in the field.

Requirements

• Minimum 15 years’ experience in security risk management, strategy, and systems design.
• Must have Civil infrastructure projects experience.
• Work under pressure with the ability to prioritize and plan effectively.
• Middle East experience will be advantageous.
• Excellent interpersonal skills.

Qualifications

Masters or bachelors degree in engineering (Electronics, Telecommunications or Electrical)

Desired candidate profile

1. Technical Security Expertise

• Cybersecurity Knowledge: Deep understanding of cybersecurity principles, including risk management, threat assessment, penetration testing, incident response, and security protocols for protecting digital assets.
• Physical Security Systems: Experience in managing physical security infrastructures, such as CCTV surveillance systems, access control systems, alarms, and intrusion detection systems.
• Network Security: Expertise in securing network infrastructure, including firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and Virtual Private Networks (VPNs).
• Data Security and Encryption: Proficiency in data protection methods, encryption protocols, and secure data storage solutions to prevent unauthorized access or leaks.
• Security Operations: Understanding the operations and management of security operations centers (SOC), including monitoring, reporting, and analyzing security incidents in real-time.
• Security Architecture: Expertise in designing and implementing security systems and architectures that ensure the protection of an organization’s assets, both physical and digital.

2. Leadership and Team Management

• Team Leadership and Development: Managing, mentoring, and motivating a team of security professionals, including cybersecurity experts, security engineers, and other technical staff. Ensuring the team remains well-trained and up-to-date on the latest security trends and tools.
• Cross-functional Collaboration: Working closely with other departments such as IT, operations, legal, and risk management to integrate security practices into the organization’s overall strategy.
• Stakeholder Communication: Communicating security issues and solutions to senior leadership, clients, and external partners in a clear and concise manner, ensuring buy-in and alignment on security priorities.

3. Security Strategy and Risk Management

• Risk Assessment and Management: Conducting comprehensive risk assessments to identify vulnerabilities and threats to both physical and digital assets. Developing and implementing risk management strategies to mitigate potential security breaches.
• Incident Response Planning: Creating and testing incident response plans for both cybersecurity and physical security incidents, ensuring that the organization is well-prepared to respond to any threats.
• Business Continuity and Disaster Recovery: Developing business continuity plans and disaster recovery strategies to ensure the organization can maintain operations in the event of a security breach or disaster.

4. Security Compliance and Standards

• Regulatory Compliance: Ensuring that the organization’s security policies and practices are in compliance with industry regulations and standards such as GDPR, HIPAA, NIST, ISO 27001, or others specific to the organization’s industry.
• Security Audits and Assessments: Leading or coordinating regular security audits and assessments to ensure the effectiveness of security controls and identify areas for improvement.
• Privacy and Data Protection: Managing the organization’s data protection policies to ensure privacy laws and regulations are adhered to, and personal or sensitive data is protected.