1. The Challenge & Business Problem

Our organization is at a critical point where we need to move beyond a reactive security posture to a proactive, strategic one. We currently lack a cohesive cybersecurity program, which has led to a fragmented approach to security, unmanaged vulnerabilities, and an undefined incident response process. This situation exposes our business to significant risks, jeopardizes data integrity, and makes it challenging to meet compliance requirements. We need an expert to build a robust security foundation that aligns with our business goals.

2. Key Problems to Be Solved

The expert on this project will be expected to resolve the following critical issues:

• Strategic Gaps: Develop and implement a cohesive cybersecurity strategy that covers all key domains and provides a clear roadmap for long-term security maturity.
• Risk & Vulnerability Management: Establish a continuous process for identifying, assessing, and mitigating security risks and vulnerabilities across all systems.
• Reactive Incident Response: Build a structured and effective incident response plan that reduces the time to detect and contain threats.
• Technology Inefficiency: Ensure our existing security technologies (SIEM, EDR, DLP) are fully optimized and integrated to provide maximum protection and visibility.

3. Required Expertise & Technical Skills

We are looking for a specialist with a deep understanding of cybersecurity governance and hands-on technical skills. The ideal candidate must have:

• Strategic & Leadership Skills: Extensive experience in leading and managing full-scale cybersecurity programs.
• Technical Domains: Deep knowledge across multiple cybersecurity domains, including network security, application security, cloud security, and data protection.
• Frameworks & Compliance: Proven proficiency with industry security frameworks (NIST, ISO 27001) and a strong understanding of compliance requirements (GDPR, SOC 2).
• Incident Response & Forensics: Strong incident handling skills, including threat hunting and digital forensics.
• Certifications: Advanced security certifications such as CISSP, CISM, or CISA are a must.

4. Post-Project Support & Expectations

Upon project completion, we require a final knowledge transfer session to transition the new strategy and processes to our internal team. We expect a complete set of documentation, including a security strategy roadmap, incident response playbooks, and key metric reports. Given the strategic nature of this project, we will also require one month of post-project support to ensure a smooth transition and address any follow-up questions. There is also potential for this role to evolve into an ongoing retainer.

5. Project Goal & Our Ideal Candidate

Our ultimate goal is to establish a proactive and resilient cybersecurity program that protects our critical assets and builds stakeholder confidence. We are seeking a trusted advisor and a hands-on expert who can not only develop a strategy but also provide actionable guidance and leadership. The ideal freelancer should be a strategic thinker with excellent communication skills and a deep commitment to security excellence.