Head of Information Security Department

  • Deadline 13 September 2025

Job description

  • Develop and execute the long-term cybersecurity strategy, roadmap, and policies in alignment with business goals.
  • Lead, mentor, and manage a multi-division Information Security department responsible for cybersecurity engineering, security operations, governance, risk & compliance, and application security.
  • Direct the Security Operations Center (SOC), overseeing all threat management, incident response, and vulnerability management functions.
  • Guide the cybersecurity engineering function in designing, implementing, and maintaining a resilient and secure enterprise architecture.
  • Oversee the Governance, Risk, and Compliance (GRC) program, ensuring adherence to CBAR regulatory requirements and industry standards like NIST.
  • Lead the DevSecOps program to embed security throughout the entire software development lifecycle.
  • Report on the corporate cyber risk posture, key risk indicators (KRIs), and program maturity to executive management and the Supervisory Board.

Education & Specialization

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 5+ years of progressive experience in information security, with a proven track record in a leadership role managing technical teams.

Certificates

  • A minimum of one of the following professional security certifications is required. Possession of multiple or other related certifications is highly advantageous.
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CGEIT (Certified in the Governance of Enterprise IT)
  • ISO 27001 Lead Implementer / Auditor
  • COBIT 2019 with NIST Implementation
  • CompTIA CASP+ (Advanced Security Practitioner)
  • CEH (Certified Ethical Hacker)

Knowledge and Skills

  • Strategic Leadership: Proven ability to develop and execute a long-term, enterprise-wide cybersecurity strategy, roadmap, and vision.
  • Team Management: Experience providing executive leadership to a multi-division Information Security department, managing functions including Cybersecurity Engineering, Security Operations (SOC/IR), GRC, and Application Security.
  • Risk Management: Deep expertise in enhancing and managing Information Security Risk Management programs, including the synchronization of technical vulnerability data with corporate risk management frameworks.
  • Information Security Governance: Experience reviewing IS strategy, budgeting effectiveness, and staff competency to ensure alignment with business requirements.
  • Security Awareness: Experience developing and managing corporate-wide security awareness programs, including targeted training for different employee groups and simulated phishing attacks to measure effectiveness.
  • Industry Standards: Expert-level knowledge and implementation experience with major security frameworks including ISO 27001 and NIST CSF 2.0, and hardening standards such as DISA STIGs and CIS Benchmarks, as well as knowledge and experience with CBAR regulatory Information Security requirements.
  • Application Security Methodologies: Deep familiarity with OWASP, Application Security Verification Standard (ASVS), and Mobile Security Testing Guide (MSTG) for conducting comprehensive application assessments.
  • Security Architecture & Engineering: Experience in modernizing and building secure enterprise architecture, with the ability to lead engineering functions in designing robust security solutions.
  • Data Security & Loss Prevention: Expertise in establishing data security programs, including developing data classification registers and deploying enterprise-wide Data Loss Prevention (DLP) solutions.
  • Security Operations & Incident Response (SOC/IR): Proven ability to manage a Security Operations Center, including threat intelligence processing, incident response, and cyber defense operations.
  • DevSecOps & Container Security: Expertise in managing a full Secure Development Lifecycle (SDLC), integrating automated SAST & DAST tools into CI/CD pipelines, and securing containerized environments with Docker and Kubernetes.
  • Vulnerability Management & Penetration Testing: Full oversight of vulnerability assessment, patch management, and penetration testing processes for internal and external infrastructure.
  • Endpoint & Server Security: Expertise in implementing and managing advanced endpoint security (EDR/XDR, NGAV) across diverse operating systems, including Windows endpoints and servers, Linux (CentOS, Red Hat, Kali), and macOS.
  • Database & Data Security: In-depth knowledge of database security compliance, including firewall implementation, administrator and user activity auditing, environment segregation policies, data classification and masking.
  • Identity & Access Management (IAM): Experience building access matrices and Role-Based Access Control (RBAC) models for different systems, as well as managing Privileged Access Management (PAM) systems.
  • Cloud & Mobile Security: Deep knowledge of securing cloud environments such as Microsoft Azure and mobile platforms such as Android and iOS, including the management of MDM and MAM solutions.

Interested candidates can apply via the link in the Apply for job button.
