Head of Cyber / Information Security
John Keells Holdings PLC (JKH) is Sri Lanka’s largest listed conglomerate on the Colombo Stock Exchange, with over 150 years of expertise. From managing hotels and resorts in Sri Lanka and the Maldives to building the largest integrated resort in Sri Lanka, providing port, marine fuel and logistics services to IT solutions, manufacturing of food and beverages to running a chain of supermarkets, tea broking to stock broking, life insurance and banking to real estate, we have left a positive mark in virtually every major sphere of the economy.
Our culture is founded on embracing our values (Integrity, Trust, Caring, Innovation and Excellence) and acting in a socially responsible manner. Our employee experience emphasizes meritocracy, inclusivity and active engagement in making a national contribution.
We are seeking a highly qualified, experienced professional to head Information Security Operations in line with the established Zero Trust policy framework, guidelines, and procedures. This is a key leadership role within the Group IT function and will report to the Group CIO and CISO.
Job Responsibilities
- Operationalize the approved Zero Trust Security policy framework, ensuring continuous verification, least privilege access, and micro-segmentation.
- Continuously enhance the procedures and SOPs, as well as make recommendations to enhance policies and governance models in line with ISO 27001, NIST, GDPR, and PDPA.
- Effectively govern and operationalize the approved SOC/SOAR strategy of the group to ensure effective management of threat intelligence, forensic investigations, and incident response.
- Ensure periodic audits are carried out to verify compliance and to identify improvement areas in line with the Group IT and Cyber-resilience strategy.
- Develop cybersecurity awareness and training programs, including phishing simulations and stakeholder engagement.
- Provide effective leadership to both internal and external teams to execute the above.
- Foster a high-performance culture focused on operational excellence, accountability, continuous improvement and innovation.
Person Specifications
- Bachelor’s or Master’s degree in IT or Computer Science.
- Specific qualifications in security-related areas will be an added advantage.
- 10+ years of experience in IT strategy/operational management, with 5+ years in security operations.
- Familiarity with security stacks of Cisco, Microsoft, Palo Alto, CyberArk, Cloudflare, AWS, and GCP will be an added advantage.
- Strong leadership and stakeholder management skills are of the essence.
- Certifications such as CISSP, CISM, and CCSP are highly desirable.
Interested candidates are encouraged to apply on or before 16th July 2026 by clicking on the advert.
By applying, you consent to the processing of your personal information for recruitment purposes and acknowledge that reference checks may be conducted.