IT Security Head

1. Security Strategy and Board Reporting: Security roadmap, KRIs/KPIs, risk register, executive reporting;
2. MSSP/SOC Governance (Outsourced Services): SLAs, service reviews, continuous improvement, report and recommendation validation.
3. ISO 27001 – Implementation, Certification, and Maintenance: ISMS, policies, control owners, evidence, audits, action plan;
4. Policies, Standards, and Processes (Governance): Policies, technical standards, procedures, exception management;
5. OT Security Oversight (Factories and Warehouses): Segmentation, monitoring, OT IR playbooks, industrial risk management;
6. IAM/PAM and Access Governance (Systems and Data): Access reviews, SoD, privileged access, JIT/JEA, alignment with Entra;
7. Application Security and Secure SDLC: Security requirements in Azure DevOps (pipelines, gates, code scanning, approvals);
8. Data Protection (Classification, DLP, Retention): Taxonomy, DLP/Purview, retention, and access controls with Data Lead.

Bachelor’s or Master’s degree in Cybersecurity, Information Systems, or related field;
10 - 12 years of experience in Information Security;
5 years of minimum experience in Managerial or head-of-security positions;
Experience managing MSSP/SOC outsourced vendors;
Strong experience in designing security architecture across multi-country environments;
Experience with Microsoft Security Stack (Defender, Sentinel, Entra ID);
ISO 27001 Lead Implementer or Auditor;
CISSP, CISM, or CISA;
Cloud security certifications (Microsoft Security Engineer, SC-100, AZ-500);
OT Security and Risk Management certificates (ISA/IEC 62443);
Proven track record in leading ISO27001 certification projects;
Familiarity with OT/Industrial security highly desirable;
Deep knowledge of cybersecurity governance, risk, compliance, and IT audit;
Understanding of FMCG, manufacturing, or industrial environments (OT/ICS);
Strong grasp of incident response, SOC operations, vulnerability management, and identity governance;
Knowledge of multinational operating models and data privacy requirements (GDPR, local laws);
Cybersecurity governance, processes, and policies;
Incident Response & Crisis Management;
Security Architecture & Risk Assessment;
Communication & Executive Reporting;
Stakeholder management across geographies;
Cloud security (Azure, M365) and On-Premise Security.

Indústria do sector alimentar