
AVP, Cybersecurity

CARSOME

Petaling Jaya

On-site

MYR 150,000 - 200,000

Full time

30+ days ago

Job summary

A leading automotive technology company in Selangor is seeking an Assistant Vice President (AVP), Cybersecurity. This role requires a strategic leader to manage the cybersecurity program, focusing on governance, risk, compliance, and security operations. Candidates should possess significant experience in cybersecurity and leadership, ensuring alignment with organizational objectives. The role offers opportunities for team management and collaboration across various functions.

Qualifications

  • Minimum of 10 years in cybersecurity, with at least 5 in a leadership role.
  • Strong understanding of ISO 27001, NIST, and SOX.
  • Experience in cloud security and incident response.

Responsibilities

  • Provide strategic leadership for the cybersecurity function.
  • Develop and implement a comprehensive cybersecurity program.
  • Oversee security operations and incident response.
  • Lead a team of security engineers and analysts.

Skills

Leadership
Cybersecurity frameworks knowledge
Risk management
Cloud security
Communication skills

Education

Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field

Job description

About You

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansion in alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:

  • Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME’s overall business objectives and risk appetite.
  • Develop and implement a comprehensive cybersecurity program based, to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

  • Establish and maintain a structured governance framework aligned with ISO 27001.
  • Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
  • Ensure continuous security monitoring and reporting to Exco for improved oversight.
  • Establish a formal risk treatment plan and risk acceptance criteria.
  • Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

  • Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
  • Ensure timely review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
  • Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.

D. Cloud & Product Security:

  • Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
  • Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
  • Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
  • Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

  • Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
  • Foster a security-first mindset and promote security awareness across the organization.

F. Collaboration & Communication:

  • Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
  • Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

  • Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
  • Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
  • Experience with cloud security, DevSecOps, and incident response.
  • Excellent leadership, communication, and interpersonal skills.
  • Must demonstrate the ability to translate strategy into execution through verifiable examples of past security program implementations, not just theoretical knowledge.