Manager Cyber Security

Position Title

Manager Cybersecurity – Location : Lahore / Kharian | Position Type : Full-Time Overview

Ace Money Transfer is seeking a highly experienced and dynamic Cyber Security Manager to lead and mentor both our Offensive (Red Team) and Defensive (Blue Team) security teams. This critical role will be responsible for developing, implementing, and overseeing the organization's overall cybersecurity strategy, ensuring the protection of our assets and data against evolving threats. The ideal candidate will possess a strong technical background with hands-on experience in either offensive or defensive security, coupled with proven leadership abilities and a deep understanding of security best practices and compliance frameworks. Responsibilities

Strategic Leadership (Offensive & Defensive Security) : Develop and implement the overarching cybersecurity strategy for the organization, encompassing both offensive (Red Team) and defensive (Blue Team) security initiatives and aligning them with business objectives. Team Management & Development : Lead, mentor, and manage both the Offensive Security and Defensive Security teams, fostering a collaborative and high-performing environment. This includes defining team objectives, assigning responsibilities, and facilitating professional growth. Offensive Security Operations : Oversee and guide the planning and execution of penetration testing, vulnerability assessments, and red team exercises to identify and exploit weaknesses in applications, systems, and networks. Ensure actionable recommendations for remediation are provided and tracked. Defensive Security Operations : Manage and enhance the organization\'s security monitoring, incident response, and threat intelligence capabilities. Ensure the effective detection, analysis, containment, eradication, and recovery from security incidents. Security Tooling & Technology Management : Oversee the selection, implementation, and management of a comprehensive suite of security tools and technologies used by both offensive and defensive teams (e.g., SIEM, EDR, vulnerability scanners, penetration testing frameworks). Ensure optimal utilization and integration of these tools. Secure Development Lifecycle (SDLC) Integration : Champion and enforce secure coding practices and security integration throughout the software development lifecycle, collaborating closely with development teams to build secure applications by design. Threat Modeling & Risk Assessment : Lead and participate in threat modeling exercises for applications and infrastructure, identifying potential security risks and proposing effective security controls for both prevention and detection. Vulnerability Management (Application & Infrastructure) : Develop and maintain a comprehensive vulnerability management program that spans both applications and infrastructure, overseeing the identification, tracking, prioritization, and remediation of security vulnerabilities identified through both offensive and defensive measures. Incident Response Management : Collaborate with the incident response team and provide leadership in investigating and responding to security incidents, particularly those related to applications. Contribute to the development and refinement of incident response plans and playbooks. Security Code Reviews & Architecture Guidance : Lead and guide security code reviews to analyze and assess the security posture of application code. Provide expert guidance on the design and implementation of secure application architectures, ensuring adherence to security-by-design principles. Compliance & Governance : Drive the implementation and maintenance of ISO 27001 and PCI DSS compliance frameworks across both application and infrastructure security domains. Ensure adherence to relevant security policies, standards, and regulations. Reporting & Communication : Develop and present clear and concise reports on the security posture of applications and infrastructure, including findings from offensive security activities and incident response efforts, to both technical and executive audiences. Security Awareness & Training : Promote a strong security awareness culture within the organization, collaborating on the development and delivery of security training programs for both technical and non-technical staff. Budget Management : Manage the cybersecurity budget for both offensive and defensive security initiatives, ensuring cost-effectiveness and optimal resource allocation. Qualifications

Bachelor\'s degree in Computer Science, Information Security, or a related field. Relevant security certifications (e.g., CISSP, CISM, OSCP, CEH) are highly desirable. Minimum of 5 years of progressive experience in cybersecurity roles. Mandatory hands-on experience with at least one of the following : Offensive Security Tools & Techniques :

Penetration testing frameworks (e.g., Metasploit, Cobalt Strike), vulnerability scanners (e.g., Nessus, Burp Suite), and exploitation methodologies. Defensive Security Tools & Techniques :

SIEM platforms (e.g., Splunk, ELK Stack, Sentinel), EDR solutions, intrusion detection / prevention systems (IDS / IPS), and threat intelligence platforms. Proven experience in the implementation and maintenance of ISO 27001 and PCI DSS standards. Strong understanding of network security principles, protocols, and technologies. Excellent analytical, problem-solving, and decision-making skills. Demonstrated leadership and team management abilities, with experience in building and motivating high-performing teams. Excellent communication, presentation, and interpersonal skills. Experience with cloud security platforms (e.g., AWS, Azure, GCP). Familiarity with security automation and orchestration (SOAR) tools. Experience with threat intelligence analysis and integration. Ace Money Transfer Profile

ACE Money Transfer Profile :