Lead Information Security Engineer

We are looking for a Lead Information Security and Systems Management Engineer. This role will shape our security and systems strategy, ensuring our infrastructure matures as we scale and that our global team’s work environments meet high security standards.

You will tackle challenges around expanding systems and processes, implement best practices, and unify all information security domains. With strong organizational support, resources, and a reliable, experienced team, you will be the key decision-maker for security. You will also work closely with leaders across the company — including HR, the CEO, and the MD — to build integrated processes and drive company-wide adoption of security initiatives.

Key Responsibilities

• Identity & Access Management (IAM): Responsibility for centralized access management, including developing and maintaining a robust RBAC model. Oversee access granting, revocation, and periodic access reviews. Ensure proper configuration of SSO, MFA, and least-privilege policies. Conduct account audits and monitor for privilege misuse or anomalies.
• Application Security: Embed security into the software development lifecycle by securing application architecture with the Head of Development. Implement DevSecOps, protect secrets and IP, use SAST/DAST, perform threat modeling, and regularly review third-party libraries and services to prevent vulnerabilities and ensure secure deployment.
• Infrastructure Security: Protect the company’s IT infrastructure through secure network architecture, segregation, server and endpoint hardening, and patching policies. Work closely with the Head of Infrastructure and Networks, with a strong focus on cloud security, to prevent vulnerabilities and ensure secure operation across all infrastructure components.
• Incidents Monitoring & Response: Implement a SIEM for real-time monitoring, build a SOC, and establish response processes for proactive detection and fast, effective resolution of security incidents. Continuously improve incident management capabilities.

Qualifications

• Degree in Information Security, Computer Science, or a related field.
• 5–7 years of experience in information security or related roles, with a strong focus on scaling security processes in rapidly growing organizations.
• Extensive knowledge of security frameworks and best practices, including IAM (Identity and Access Management), RBAC (Role-Based Access Control), and compliance standards (e.g., GDPR, ISO 27001).
• Strong background in application and infrastructure security, including secure software development (DevSecOps), network security, cloud security, and endpoint protection.
• Hands-on experience with SIEM systems and incident response protocols, including setting up and managing a Security Operations Center (SOC).
• Demonstrated ability to collaborate with cross-functional teams, such as development, infrastructure, and HR, to integrate security practices across all business units.
• Experience in risk management and governance, including the development and maintenance of risk registers and the ability to lead compliance efforts across the organization.
• Strong leadership and mentoring skills, with a track record of developing high-performing security teams and driving strategic security initiatives.
• Excellent communication skills, with the ability to convey complex security concepts to non-technical stakeholders and align security initiatives with business objectives.