Head of Security

Aspire Software

KEY RESPONSIBILITIES:

• Translate HQ s baseline standards into a tailored security roadmap
• Develop and maintain a security maturity model scaled to the subsidiaries size and complexity
• Define tiers of subsidiaries by risk, industry, and data sensitivity to drive differentiated strategies
• Create and maintain a library of group-level policies, templates, and standards (e.g., IR plan, password policy)
• Facilitate adoption of policies across subsidiaries with appropriate localization
• Establish and manage a policy update cadence with version control
• Provide or recommend shared tooling across the group
• Negotiate contracts with preferred security vendors and manage licensing agreements
• Build lightweight security engineering support, whether internal or outsourced
• Participate in M&A evaluations to assess the cybersecurity posture of targets
• Advise investment teams on cyber risk exposure and hidden liabilities
• Conduct annual or biannual security self-assessments across subsidiaries.
• Consolidate results into quarterly dashboards for group leadership and HQ.
• Publish and maintain a group-wide incident response playbook.
• Serve as the first escalation point for incidents at the subsidiary level.
• Coordinate post-incident reviews and group-level communication.
• Help subsidiaries pursue and maintain compliance (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
• Maintain a centralized view of compliance status across the group.
• Assist with customer/vendor security questionnaires and audits.
• Triage critical vulnerabilities and incidents across subsidiaries.
• Escalate material risks to HQ or Group X executives as needed.
• Maintain a group-wide risk register and coordinate prioritization.