Job Description
Full information about the position and requirements
Yukerja Summary
This ICT Information Security Team Lead vacancy at Petrolink Services Indonesia is curated from JobStreet (Technology & IT category). Note the work location (South Jakarta, Jakarta) before applying. Yukerja.com is not the employer; applications are processed on the official source site.
The ICT Information Security Team Lead (SecOps-focused) leads day-to-day security operations to protect the organization’s infrastructure, endpoints, cloud workloads, applications, and data. This role owns the operational security program including detection and response, vulnerability management, security monitoring, threat hunting, and continuous improvement of security controls. The role oversees Governance, Risk, and Compliance to maintain Security Operations in line with ISO/IEC 27001 standards and audit readiness.
Duties & Responsibilities:
Own and continuously improve SIEM/SOAR capability, use-case coverage, alert fidelity, and tuning to reduce noise and increase detection accuracy.
Define and maintain monitoring standards: log onboarding, parsing, retention, correlation rules, and alert triage workflows.
Establish operational metrics (MTTD, MTTR, false positive rate, detection coverage) and report trends to leadership.
Own the Incident Response lifecycle: preparation, detection, analysis, containment, eradication, recovery, and post-incident reviews.
Own the end-to-end vulnerability management program: scanning strategy, prioritization, remediation SLAs, exceptions, and validation.
Ensure strong operational controls for endpoint security (EDR), identity security (MFA, PAM, access reviews), and cloud security (workload protection, posture management).
Own the SecOps tooling roadmap (SIEM, EDR/XDR, vulnerability scanners, email security, CASB/SSPM/CSPM where relevant).
Automate repetitive SecOps tasks using scripting and SOAR playbooks (enrichment, triage, containment actions, ticketing integration).
Ensure SecOps processes and evidence meet ISO 27001 expectations (e.g., incident management, logging/monitoring, access control, vulnerability management, supplier-related operational risks where applicable).
Lead and mentor SecOps lead/analysts/engineers; define skill development plans and build on-call and escalation coverage.
Maintain an ISO/IEC 27001-aligned, version-controlled security documentation and evidence repository (policies, standards, procedures, runbooks, records), ensuring timely reviews/approvals and audit-ready artifacts that accurately reflect operational practices and support internal/external audits.
All other duties as assigned.
Skills & Qualifications:
Bachelor’s degree in Information Security, Computer Science, IT, Engineering, or related field.
8 - 12+ years in IT/Security, including 3 - 5+ years in SecOps leadership or senior SecOps engineering.
Experience supporting ISO/IEC 27001 audits through operational evidence and corrective action management.
Core SecOps Technical Skills (SIEM/SOAR, EDR/XDR, Cloud security operations (Azure/AWS), TCP/IP, DNS, AD/Entra, Linux/Windows, virtualization).
ISO/IEC 27001 & Process Skills.
Certified CISSP or CISM.
Additional Preferred:
Certified ISO/IEC 27001 Lead Implementer or ISO/IEC 27001 Lead Auditor.
GIAC (e.g., GCIH/GCIA), CCSP (cloud-heavy), CRISC (risk-heavy), or vendor certs relevant to SIEM/EDR platforms.
Vulnerability: Tenable Nessus, Qualys (or equivalent).
Cloud security: CSPM/SSPM/CASB tools (as applicable)
Ticketing/ITSM: ServiceNow/Jira and workflow integration
Scripting/automation: PowerShell, Python, KQL/SQL basics
Please find our Privacy Notice for applicants at the following link: https://www.petrolink.com/privacy-notice-job-applicants/