About You

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansion in alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:

  • Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME’s overall business objectives and risk appetite.
  • Develop and implement a comprehensive cybersecurity program to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

  • Establish and maintain a structured governance framework aligned with ISO 27001.
  • Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
  • Ensure continuous security monitoring and reporting to Exco for improved oversight.
  • Establish a formal risk treatment plan and risk acceptance criteria.
  • Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

  • Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
  • Ensure timely review of threat intel supplied by SIEM monitoring, MSOC, and other relevant sources.
  • Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.

D. Cloud & Product Security:

  • Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
  • Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
  • Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
  • Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

  • Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
  • Foster a security-first mindset and promote security awareness across the organization.

F. Collaboration & Communication:

  • Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
  • Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

  • Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
  • Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
  • Experience with cloud security, DevSecOps, and incident response.
  • Excellent leadership, communication, and interpersonal skills.
  • Must demonstrate the ability to translate strategy into execution through verifiable examples of past security program implementations, not just theoretical knowledge.