Sr SDM/ Infra security Director

• Engage in and act as extension of Client IT team led by the Client IT Security Director/CISO.
• Lead the definition and execution of the organization's IAM strategy, aligning with the overall enterprise security and technology roadmap.
• Serve as the top-tier authority on all IAM topics, with an emphasis on integrating cloud and on-premises enterprise architectures.
• Design scalable, reusable, and forward-thinking IAM solutions that meet current business needs while anticipating future requirements.
• Establish IAM architectural standards, patterns, and guidelines to ensure consistent implementation across the organization.
• Champion the adoption of cutting-edge cybersecurity controls across IAM, AppSec, and DevSecOps domains.
• Provide security thought leadership, consulting and insight into best practices to the Client IT Security team
• Work with Client IT Security on creating/reviewing/updating the Client security roadmap
• Review and respond to Customer's requests to review platform selection decisions, including providing technical support to develop technical configuration and support policies and procedures
• Review the current Security Architecture and suggest changes and improvements based on Supplier's experience and industry best practices to Customer for review
• Participate in proof-of-concept projects, including suggesting typical industry best practices
• Experience managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection, SIEM and log management technology, IAM, PAM & GRC
• Understanding of IT infrastructure:
• Applications
• Databases
• Operating systems (Windows, Unix and Linux)
• Hypervisors
• IP networks (WAN, LAN)
• Storage networks Backup networks and media
• SSO/MFA MS Entra ID, 1Password
• PAM, IGA, UAM, UAR

Knowledge and Experience

The qualified candidate will have:

• Must work well within a team environment and be results driven to achieve organizational goals

• Minimum of 12-18 years of relevant information technology:
• 10 12 years demonstrated experience with IT security risk, defences and security technologies.

• CISSP Certified Information Systems Security Professional

• Demonstrated experience in the design, development, and implementation of security information processes, procedures, controls, and solutions.

• Demonstrated adaptation to changing business needs and the ability to work in a variety of different business situations
• Education:
• Minimum bachelor's degree with a desired emphasis in Computer Science, Information Technology, or Computer Engineering.
• Post-graduate degree in Computer Science, Information Technology, or Computer Engineering; or MBA desirable.
• Proven project management skills with experience in a formalized process and the ability to successfully manage multiple projects at one time.

• Working knowledge of the Client businesses and functional areas with the ability to understand and assess applicable IT security threats.
• Familiarity with applicable legal and regulatory requirements, including, but not limited
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
• The ability to interact with Client personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• A strong understanding of the business impact of security tools, technologies and policies.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Experience working with legal, audit and compliance staff is highly desired.
• Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
• Evaluate the statements of work from these providers to ensure that adequate security protections are in place. Assess the providers' audit reports (or alternative sources) for security-related deficiencies and required "user controls," and report any findings to the Director of IT Security.