Head of Security
Beirut, Beyrouth, Lebanon
Full Time
4 weeks ago
No Sponsorship
Key skills
Cyber SecurityVersion ControlLeadershipCommunicationNegotiation
About this role
Role Overview
- Translate HQ’s baseline standards into a tailored security roadmap
- Develop and maintain a security maturity model scaled to the subsidiaries’ size and complexity
- Define tiers of subsidiaries by risk, industry, and data sensitivity to drive differentiated strategies
- Create and maintain a library of group-level policies, templates, and standards (e.g., IR plan, password policy)
- Facilitate adoption of policies across subsidiaries with appropriate localization
- Establish and manage a policy update cadence with version control
- Provide or recommend shared tooling across the group
- Negotiate contracts with preferred security vendors and manage licensing agreements
- Build lightweight security engineering support, whether internal or outsourced
- Participate in M&A evaluations to assess the cybersecurity posture of targets
- Advise investment teams on cyber risk exposure and hidden liabilities
- Conduct annual or biannual security self-assessments across subsidiaries.
- Consolidate results into quarterly dashboards for group leadership and HQ.
- Publish and maintain a group-wide incident response playbook.
- Serve as the first escalation point for incidents at the subsidiary level.
- Coordinate post-incident reviews and group-level communication.
- Help subsidiaries pursue and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Maintain a centralized view of compliance status across the group.
- Assist with customer/vendor security questionnaires and audits.
- Triage critical vulnerabilities and incidents across subsidiaries.
- Escalate material risks to HQ or Group X executives as needed.
- Maintain a group-wide risk register and coordinate prioritization.
Requirements
- 10+ years of experience in cybersecurity, with leadership roles across multiple business units or portfolio companies.
- Proven ability to work cross-functionally with engineering, operations, legal, and executive stakeholders.
- Deep familiarity with security standards and certifications (e.g., SOC 2, ISO 27001)
- Demonstrated experience in multi-entity environments such as holding companies, private equity, or decentralized organizations.
- Strong communication, negotiation, and influencing skills.
- Empathy for the business: Understands startup vs. mature subsidiary dynamics.
- Influence without authority: Excels at driving outcomes through relationships, not mandates.
- Operational fluency: Balances strategic vision with hands-on delivery.
- Program management: Leads repeatable assessments, tooling, and remediation efforts.
- Adaptability: Able to flex approaches across subsidiaries with varying maturity.
Tech Stack
- Cyber Security