Executive – Lead Information Security Engineer

People's Leasing & Finance PLC

Job description – Executive – Lead Information Security Engineer

Lead the Digital Defense of a Financial Giant

Are you a cybersecurity strategist ready to protect one of Sri Lanka’s most respected financial institutions? People’s Leasing & Finance PLC (PLC) is looking for an Executive – Lead Information Security Engineer to join our award-winning team in Colombo. With a legacy spanning three decades and a network of over 100 branches, we provide a platform for game-changers to excel in a high-performance culture. If you are passionate about ethical business practices and technical excellence, we offer the support and rewards to push your career toward greater heights in a stable, Fitch-rated enterprise.


Key Responsibilities

  • Support the Information Security Officer (ISO) in the design, implementation, and continuous improvement of technical information security controls to protect critical systems and digital assets.

  • Lead and perform technical security activities including vulnerability assessments, penetration testing (VAPT), red teaming exercises, security benchmarking, and system hardening across infrastructure, applications, cloud, and network environments.

  • Recommend, tune and coordinate the implementation of security rules and policies across security platforms and tools (e.g., SIEM, EDR, firewalls, PAM, DLP, WAF, IDS/IPS, cloud security tools).

  • Identify, assess, prioritize, and coordinate remediation of technical security vulnerabilities and weaknesses in line with industry best practices and security frameworks.

  • Coordinate with internal IT operations, network, and development teams to ensure secure system configurations and effective implementation of security controls.

  • Act as the Security Operations Center (SOC) coordinator, supporting security monitoring, incident detection, response, and escalation activities.

  • Follow ethical practices and the procedures laid down by the Company in selling and cross-selling of products.

  • High level of organizational understanding with the ability to collaborate holistically across business and technology stakeholders.

  • Knowledge and application of Company rules, regulations, circulars, guidelines, policies, and procedures, with timely updates on changes.

  • Coordinate with external security vendors and service providers for VAPT, SOC services, security tools, and remediation activities.

  • Support threat detection, incident response, and post-incident analysis to strengthen preventive and detective security controls.

  • Contribute to continuous improvement of the Company’s overall security posture through technical enhancements, lessons learned, and security engineering best practices.

  • Knowledge and application of circulars and guidelines issued by the Company, keeping up to date with changes in a timely manner.

  • Ensure systems, procedures and guidelines of the company are followed, and coordinate closely with senior management.

  • Develop, maintain, and regularly update knowledge and skills for effective operations of the Company.

  • Ensure adherence to Company systems, procedures, and guidelines, coordinating closely with Department Heads and Senior Management.

  • Commitment to ethical practices and strict compliance with the Company’s codes of conduct and internal policies.

  • Continuous development, maintenance, and updating of professional knowledge and skills to support effective operations.

  • Willingness to perform additional duties and responsibilities assigned by Management from time to time.

  • In-depth understanding of the cybersecurity threat landscape, adversaries, emerging risks, and industry best practices.

  • Strong knowledge of cyber security risk management, controls, governance, and regulatory compliance.

  • Expertise in enterprise security and technical architecture.

  • Sound knowledge of IT management, systems, and emerging technologies.

  • Strong understanding of enterprise risk management frameworks and internal controls.

  • Proven team-building capability with a strong drive for performance excellence.

Candidate Profile

  • Bachelor’s degree in Information Security, Cyber Security, Computer Science, Information Technology, or a related field, or professional qualifications such as CEH, eJPT, or equivalent ethical hacking certifications.

  • ISO/IEC 27001 Lead Implementer or Lead Auditor – added advantage.

  • Minimum 2–3 years in a technical security role.

  • Experience in regulated or enterprise environments preferred.

  • Hands-on technical background required.


Engineer a Resilient Future

As the Lead Information Security Engineer, you will report directly to the ISO, serving as a technical authority in vulnerability management and red teaming. You will act as a bridge between security strategy and operational reality, overseeing everything from cloud security benchmarking to SOC coordination and incident response. By collaborating with IT, network, and development teams, you will drive the secure configuration of SIEM, EDR, and WAF platforms to mitigate emerging threats. Join PLC to apply your expertise in a regulated environment that rewards integrity and provides a benchmarked remuneration package for elite security talent.

To apply for this job please visit lk.linkedin.com.