Mutiara Damansara, MYS
5 days ago
AVP, Cybersecurity
About You

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansion in alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:
+ Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME's overall business objectives and risk appetite.
+ Develop and implement a comprehensive cybersecurity program based, to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):
+ Establish and maintain a structured governance framework aligned with ISO 27001.
+ Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
+ Ensure continuous security monitoring and reporting to Exco for improved oversight.
+ Establish a formal risk treatment plan and risk acceptance criteria.
+ Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:
+ Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
+ Ensure timely review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
+ Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.

D. Cloud & Product Security:
+ Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
+ Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
+ Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
+ Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:
+ Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
+ Foster a security-first mindset and promote security awareness across the organization.

F. Collaboration & Communication:
+ Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
+ Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:
+ Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:
+ Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
+ Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
+ Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
+ Experience with cloud security, DevSecOps, and incident response.
+ Excellent leadership, communication, and interpersonal skills.
+ Must demonstrate the ability to translate strategy into execution through verifiable examples of past security program implementations, not just theoretical knowledge.