Security Officer

DutiesLead and oversee the organization’s information security and cybersecurity strategy, ensuring alignment with business and pre-IPO requirements.Establish and maintain security governance frameworks, including reporting to executive leadership and board-level committees.Develop, implement, and regularly update security policies and procedures (e.g., Information Security, Incident Response, Data Protection, Access Control, Business Continuity).Conduct and maintain cyber risk assessments, risk registers, and mitigation plans aligned with recognized frameworks (ISO 27001, NIST, SOC 2).Manage and continuously improve incident response and breach preparedness, including escalation procedures and regulatory notification processes.Maintain records of historical security incidents, assess materiality, and support legal and disclosure readiness for IPO requirements.Oversee identity and access management (IAM), ensuring proper controls such as MFA, RBAC, and user lifecycle management.Ensure infrastructure and operational security, including asset management, patching, endpoint protection, backups, and disaster recovery planning.Implement and enforce data protection and privacy practices, including data classification, encryption, retention, and regulatory compliance (e.g., GDPR, CCPA).Collaborate with engineering teams to ensure secure application development practices, including SDLC security, code access controls, and vulnerability management.Manage third-party and vendor security risks, including assessments, contracts, and ongoing monitoring.Lead security awareness and training programs across the organization.Coordinate internal and external audits, track remediation efforts, and drive continuous security improvements.Ensure full IPO cybersecurity readiness, including risk disclosure, control validation, and investor communication support.Technical RequirementsStrong experience in information security, cybersecurity, or IT risk management (typically 5+ years).Deep understanding of security frameworks and standards such as ISO 27001, NIST CSF, and SOC 2.Hands-on experience with:Risk assessment and risk management methodologiesIncident response planning and executionIdentity and Access Management (IAM) systems and controlsMulti-Factor Authentication (MFA) and privileged access managementKnowledge of network, infrastructure, and cloud security principles.Experience with:Vulnerability management and penetration testingEndpoint protection and monitoring toolsBackup and disaster recovery solutions (RTO/RPO)Strong understanding of data protection and privacy regulations (e.g., GDPR, CCPA).Familiarity with secure software development practices (Secure SDLC, SAST/DAST).Experience managing third-party/vendor security risk and reviewing security controls (e.g., SOC reports).Ability to produce and maintain security documentation, reports, and audit evidence.Experience supporting compliance, audit, or IPO readiness activities is highly preferred.Non-Technical RequirementsExcellent communication skills, with the ability to present cyber risks to executives and board members.High level of integrity, confidentiality, and accountability.Strong analytical and problem-solving capabilities.Detail-oriented with strong organizational and documentation skills.Ability to manage multiple priorities in a high-pressure, pre-IPO environment.Proactive mindset focused on risk prevention and continuous improvement.Experience in training, mentoring, and raising organizational security awareness.