Information Security Officer

Lesha Bank is searching for the greatest talent and brightest minds to contribute to the current growth phase at our bank. We are looking for top-tier individuals who are passionate and hungry to add value from day one. Every day at Lesha is different, presenting a new challenge with the opportunity to contribute and grow. We are looking for an Information Security Officer (ISO).

Role Purpose

The Information Security Officer (ISO) will develop, implement, and oversee the bank's information security strategy, policies, and controls. The ISO ensures that the bank's data, systems, applications, and infrastructure are safeguarded against internal and external threats while complying with local regulatory requirements (QCB, QFCRA, NCSA-Q) and international standards (ISO 27001, NIST, GDPR, PCI-DSS).

Key Responsibilities

Governance & Compliance

• Establish, maintain, and enforce the bank's information security framework in alignment with QCB, QFCRA, and local cybersecurity regulations.
• Ensure compliance with international standards (ISO 27001, NIST CSF, COBIT, PCI-DSS) and conduct regular gap analyses.
• Prepare and present security risk assessments and reports to senior management, regulators, and the Board Risk Committee.
• Design, implement, and enforce security policies, procedures, and controls to safeguard the bank's infrastructure and data.

Security Operations

• Oversee Security Operations Center (SOC) activities, incident response, and threat intelligence monitoring.
• Develop and maintain business continuity, disaster recovery, and incident response plans.
• Implement and monitor Data Loss Prevention (DLP), intrusion detection/prevention (IDS/IPS), endpoint protection, and other security tools.
• Lead investigations of security breaches, develop mitigation strategies, and ensure lessons learned are integrated into policies and processes.
• Conduct regular staff training on security awareness, best practices, and incident procedures.
• Collaborate with IT and business teams to continuously enhance security culture and controls.

Risk Management

• Conduct enterprise-wide risk assessments for systems, applications, vendors, and third-party service providers.
• Identify vulnerabilities and ensure timely remediation through patch management and secure configurations.
• Partner with IT and business units to integrate security into new products and initiatives.

Vendor & Technology Oversight

• Evaluate and approve technology vendors, outsourcing partners, and cloud solutions for security compliance.
• Manage penetration tests, vulnerability assessments, and external audits.

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field. Master's degree preferred.
• Professional certifications: CISSP or CISM required; CISA and ISO 27001 Lead Implementer preferred.
• Cloud security certifications (e.g., CCSP, AWS Security) are a plus.
• 8–12 years in information security, with at least 5 years in the financial-services sector.
• Strong background in banking systems, digital channels, payment systems, and regulatory compliance.
• Proven experience engaging with regulators (QCB, QFCRA, CMA, or equivalent).
• Proven experience in implementing SIEM solutions and managing SOC teams.
• Expertise in cybersecurity frameworks, network security, cryptography, and identity & access management.
• Strong risk management, analytical, and problem-solving skills.
• Excellent communication and stakeholder-management skills, capable of engaging effectively with regulators, auditors, and the Board.
• Ability to influence across departments, drive a culture of security, and lead change initiatives without direct authority.