Information Security Officer

About The Position

Requirements

• Bachelor’s or Master’s degree in Computer Science, Information Security, Business Administration, or a related field
• Minimum 7 years of experience in cybersecurity or information risk management, including 5 years in a leadership role
• Strong knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements
• Strong knowledge of cybersecurity technologies, identity and access management, network security, and cloud security (e.g., Azure, AWS).
• Deep understanding of secure software development lifecycles, data classification, and regulatory compliance.
• Experience leading teams and managing performance, development, and recruitment
• Ability to manage multiple priorities in a fast-paced, evolving environment
• Strong communication skills with the ability to translate complex security topics into business impact terms for technical and non-technical stakeholders.
• Proven ability to handle sensitive, complex, and confidential matters with sound judgment and discretion

Nice To Haves

• Relevant certifications (e.g., CISSP, CISM, or similar) are considered an asset
• A passion for staying ahead of evolving cyber threats and technologies.
• A collaborative mindset and comfort working across global teams.
• A detail-oriented approach to processes and documentation.
• Ownership and accountability in delivering secure, scalable solutions.

Responsibilities

• Lead the development and execution of KCB’s cybersecurity strategy and operating model.
• Oversee security governance, including policies, standards, and compliance activities.
• Design and deliver cybersecurity awareness and training programs.
• Identify vulnerabilities through regular risk assessments and audits, and implement mitigation plans across infrastructure, applications, and cloud services.
• Identify, assess, and report on cybersecurity, IT, and regulatory risks to information assets
• Establish and maintain security policies, standards, and procedures to comply with applicable frameworks such as ISO/IEC 27001, NIST, and GDPR.
• Establish resilience standards aligned with enterprise risk and business continuity objectives
• Lead second-line assurance functions, including audits and control effectiveness reviews
• Direct and coordinate incident detection and response procedures, including investigation, escalation, remediation, and post-mortem analysis.
• Develop and manage incident response and recovery plans to ensure business continuity
• Lead and support investigations, risk analysis, and response to security incidents
• Partner with IT, Engineering, HR, and Legal to strengthen security awareness and integrate security best practices across departments.
• Collaborate with external partners (e.g., law enforcement, advisory bodies) to maintain a strong security posture
• Evaluate, implement, and manage security tools (e.g., SIEM, endpoint protection, access controls) to proactively defend against threats.
• Implement and maintain security controls (e.g., firewalls, intrusion detection/prevention, encryption).
• Assess and monitor the security posture of third-party vendors and service providers.

Benefits

• Hybrid work opportunities
• Annual performance and salary review
• Vacation policy that aligns with your experience
• Flexible benefits, including Registered Savings Plan, social, and mental well-being initiatives
• Commitment to global Environmental Social Governance standards