Cybersecurity Compliance Operations Head

Job Description:

The Cybersecurity Compliance Operations Head is responsible for ensuring security compliance across cloud environments and enterprise applications. This role leads cloud security governance, application security compliance, patch management, vulnerability management, and the implementation of the Secure Software Development Lifecycle (SSDLC). The position focuses on strengthening security controls, managing risks related to cloud services and applications, and ensuring adherence to security standards without managing or operating SOC functions.

Core Functional Skills:

• Cloud Security Compliance: Implement and monitor security controls across public and private cloud environments ensuring alignment with cybersecurity policies and regulatory frameworks.
• Application Security Governance: Establish secure coding guidelines, manage application security assessments, and enforce compliance with secure software development standards.
• Secure Software Development Lifecycle (SSDLC) Implementation: Lead the rollout of SSDLC frameworks ensuring that security is embedded across development, testing, deployment, and operations.
• Patch Management and Vulnerability Remediation: Oversee security patching, vulnerability scanning, and remediation activities across cloud services and application portfolios.
• Security Assessment and Compliance Audits: Manage application and cloud security assessments, ensuring compliance with ISO 27001, NIST, NCA ECC, and other standards.
• Policy Development and Enforcement: Develop, update, and enforce security policies related to cloud computing, application security, patching, and vulnerability management.
• Stakeholder Collaboration: Work closely with application development, cloud engineering, risk management, and cybersecurity teams to ensure end-to-end compliance.

Experience & Education:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field.
• 10+ years of experience in cloud security, application security, and cybersecurity compliance leadership roles.
• Proven expertise in implementing Secure Software Development Lifecycle (SSDLC) and vulnerability management programs.
• Certifications preferred: Certified Cloud Security Professional (CCSP), Certified Secure Software Lifecycle Professional (CSSLP), AWS Certified Security Specialty, Microsoft Certified Azure Security Engineer Associate, Google Professional Cloud Security Engineer, GIAC Web Application Penetration Tester (GWAPT), Offensive Security Web Expert (OSWE) (optional but preferred).