ICT Information Security Team Lead / IDN-HR029

Closing on: Jun 30, 2026
Job Category: ICT
Job Type: Full Time
Job Location: Jakarta

Job Summary

The ICT Information Security Team Lead (SecOps-focused) leads day-to-day security operations to protect the organization’s infrastructure, endpoints, cloud workloads, applications, and data. This role owns the operational security program including detection and response, vulnerability management, security monitoring, threat hunting, and continuous improvement of security controls. The role oversees Governance, Risk, and Compliance to maintain Security Operations in line with ISO/IEC 27001 standards and audit readiness.

Why Join Petrolink?

  • Career Growth: We are committed to your professional development, offering continuous learning, training, and clear paths for advancement within our organization.
  • Innovative Projects: Work on exciting, challenging projects that push the boundaries of technology in the Oil and Gas sector.
  • Collaborative Teamwork: Engage with a multi-disciplinary team where your voice and ideas are valued.
  • Long-Term Opportunities: Build a lasting career with us, supported by ongoing opportunities for growth and progression.


Duties and Responsibilities

  • Own and continuously improve SIEM/SOAR capability, use-case coverage, alert fidelity, and tuning to reduce noise and increase detection accuracy.
  • Define and maintain monitoring standards: log onboarding, parsing, retention, correlation rules, and alert triage workflows.
  • Establish operational metrics (MTTD, MTTR, false positive rate, detection coverage) and report trends to leadership.
  • Own the Incident Response lifecycle: preparation, detection, analysis, containment, eradication, recovery, and post-incident reviews.
  • Develop/maintain incident playbooks and conduct tabletop exercises; ensure lessons learned convert into actionable control improvements.
  • Coordinate incident communications with stakeholders (ICT, Legal, HR, leadership) and manage evidence handling/forensic readiness when needed.
  • Lead proactive threat hunting based on environment-specific hypotheses, MITRE ATT&CK mapping, and threat intelligence feeds.
  • Translate threat intel into detections, hardening actions, and prioritized remediation tasks.
  • Coordinate purple-team activities (blue/red collaboration) to validate detections and improve response maturity.
  • Own the end-to-end vulnerability management program: scanning strategy, prioritization, remediation SLAs, exceptions, and validation.
  • Partner with Support teams/Dev teams to remediate vulnerabilities and misconfigurations; ensure secure baselines (e.g., CIS hardening) are adopted.
  • Oversee patch governance reporting and ensure critical exposures are tracked to closure.
  • Ensure strong operational controls for endpoint security (EDR), identity security (MFA, PAM, access reviews), and cloud security (workload protection, posture management).
  • Drive least-privilege access and privileged access governance in collaboration with IT and business owners.
  • Support secure configuration management across endpoints, servers, and cloud resources.
  • Own the SecOps tooling roadmap (SIEM, EDR/XDR, vulnerability scanners, email security, CASB/SSPM/CSPM where relevant).
  • Automate repetitive SecOps tasks using scripting and SOAR playbooks (enrichment, triage, containment actions, ticketing integration).
  • Ensure integrations are reliable and measurable (data completeness, latency, coverage).
  • Ensure SecOps processes and evidence meet ISO 27001 expectations (e.g., incident management, logging/monitoring, access control, vulnerability management, supplier-related operational risks where applicable).
  • Maintain operational SOPs, runbooks, and evidence artifacts (incident records, vulnerability reports, access review outputs, monitoring coverage, change approvals).
  • Support internal/external audits by providing timely evidence and driving corrective actions for audit findings.
  • Lead and mentor SecOps lead/analysts/engineers; define skill development plans and build on-call and escalation coverage.
  • Set team objectives, define operating rhythms, and ensure consistent triage and response standards. Promote a culture of continuous improvement and measurable outcomes.
  • Own and run the security awareness program, onboarding/annual refreshers, and phishing simulations, while driving policy acknowledgements and targeted interventions to reduce user risk.
  • Measure effectiveness through clear KPIs (e.g., completion rates, phishing click/report rates), report outcomes to leadership, and coordinate communications and escalations with HR/management to ensure sustained compliance and a strong security culture.
  • Maintain an ISO/IEC 27001-aligned, version-controlled security documentation and evidence repository (policies, standards, procedures, runbooks, records), ensuring timely reviews/approvals and audit-ready artifacts that accurately reflect operational practices and support internal/external audits.
  • All other duties as assigned.

Skills & Qualifications

Skills:

  • Core SecOps Technical Skills (Must Have)
    • Strong experience in Security Operations: alert triage, incident response, detection engineering, and vulnerability management.
    • Hands-on expertise with at least two of the following areas:
      • SIEM/SOAR operations and use-case tuning.
      • EDR/XDR operations and endpoint investigations.
      • Cloud security operations (Azure/AWS), including workload logging/monitoring.
      • IAM/privileged access operations and access governance.
    • Proficiency with operational security concepts:
      • Logging, telemetry, correlation, and incident lifecycle management.
      • Threat hunting methodologies and MITRE ATT&CK mapping.
      • Vulnerability management workflows and remediation governance.
    • Working knowledge of networking and system fundamentals (TCP/IP, DNS, AD/Entra, Linux/Windows, virtualization).
  • ISO/IEC 27001 & Process Skills (Must Have)
    • Practical understanding of ISMS operating requirements as they relate to SecOps:
      • Evidence collection and audit-ready documentation.
      • Operational control implementation and tracking (incidents, vulnerabilities, access governance, monitoring).
    • Ability to translate ISO 27001 expectations into measurable operational practices and KPIs.
  • Tools & Technology (Preferred)
    • SIEM/SOAR: Microsoft Sentinel, Splunk, QRadar, Elastic, Chronicle (or equivalent)
    • EDR/XDR: Microsoft Defender, CrowdStrike, SentinelOne (or equivalent)
    • Vulnerability: Tenable Nessus, Qualys (or equivalent)
    • Cloud security: CSPM/SSPM/CASB tools (as applicable)
    • Ticketing/ITSM: ServiceNow/Jira and workflow integration
    • Scripting/automation: PowerShell, Python, KQL/SQL basics
  • Leadership & Communication (Must Have)
    • Proven ability to lead cross-functional response efforts under pressure and drive outcomes.
    • Strong written communication: incident reports, executive summaries, and audit evidence narratives.
    • Risk-based prioritization skills with clear stakeholder management and escalation discipline.

Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, IT, Engineering, or equivalent experience.
  • 8 – 12+ years in IT/Security, including 3 – 5+ years in SecOps leadership or senior SecOps engineering.
  • Demonstrated delivery of security operations improvements (metrics, processes, tooling maturity).
  • Experience supporting ISO/IEC 27001 audits through operational evidence and corrective action management.

Certification Requirement

  • Mandatory (At least one):
    CISSP or CISM.
  • Strongly Preferred (ISO/IEC 27001):
    ISO/IEC 27001 Lead Implementer or ISO/IEC 27001 Lead Auditor.
  • Additional Preferred:
    GIAC (e.g., GCIH/GCIA), CCSP (cloud-heavy), CRISC (risk-heavy), or vendor certs relevant to SIEM/EDR platforms.

Note:
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills.
