One Advisors
Define and implement the security roadmap for the organization, aligning security initiatives with business priorities and regulatory requirements (e.g., C3, Data Security Law, Personal Information Protection Law).
Maintain and execute security policies, standards, and procedures across the IT infrastructure landscape.
Manage security budget, vendor relationships, and technology selection to ensure cost-effective investment in security capabilities.
Defense-in-Depth Operations and Architecture
Lead the design, deployment, and continuous operation of security controls across the full technology stack:
Endpoint Security: Oversee EDR, antivirus, and endpoint management strategies; lead endpoint threat hunting and incident response.
Network Security: Govern firewall, IDS/IPS, WAF, and network access control policies; ensure effective segmentation and least-privilege access.
Host and Application Security: Establish vulnerability management and patch management programs; drive security hardening and configuration standards.
Data Security: Champion data classification, DLP implementation, and monitoring of sensitive data access and usage.
Privileged Access and Identity Governance
Oversee the Privileged Access Management (PAM) program, including bastion hosts and privileged account lifecycle management.
Conduct regular reviews of high-risk account activities (e.g., database administrators, system administrators) to detect and remediate unauthorized access, privilege misuse, and shared account risks.
Proactive Security Assessment and Threat Simulation
Lead offensive security efforts to continuously validate defense effectiveness:
Penetration Testing: Direct and conduct black-box and white-box penetration tests for web applications, internal networks, and mobile apps to uncover business logic flaws, privilege escalation vulnerabilities, and architectural weaknesses.
Vulnerability Research: Guide the team in code-level security reviews to identify vulnerabilities such as SQL injection, XSS, and deserialization flaws; oversee the development of POC exploits and automation scripts.
Adversary Simulation: Design and execute red team exercises, phishing campaigns, and adversary emulation (e.g., lateral movement, persistence techniques) to test detection and response capabilities.
Security Monitoring, Incident Response, and Crisis Management
Monitoring and Analysis: Establish and oversee security monitoring capabilities, including SIEM, network traffic analysis, honeypots, and EDR; ensure timely detection and investigation of security events.
Incident Response: Lead the organization’s incident response process, including containment, forensics, remediation, and post-incident reviews; develop and maintain an incident response plan and conduct regular tabletop exercises.
Crisis Communication: Serve as the primary technical escalation point during security incidents, coordinating with IT, legal, compliance, and executive stakeholders.
Reporting, Metrics, and Stakeholder Communication
Produce and present security reports to senior management, including metrics on threat landscape, security posture, incident trends, and program maturity.
Deliver high-quality technical reports (e.g., penetration test reports, risk assessments) with actionable recommendations tailored to both technical and business audiences.
Translate security risks into business terms to facilitate informed decision-making by leadership.
Cross-Functional Enablement
Build and mentor the security function, establishing processes, playbooks, and knowledge-sharing practices.
Partner with IT infrastructure, application development, and business units to embed security best practices into daily operations and development lifecycles.
Develop and deliver security awareness and training programs for IT staff and end users.