Information Security GRC Manager
Chalhoub Group
- Dubai
- Permanent
- Full-time
- Implement risk management processes and capability to enable continuous monitoring of control effectiveness and key risk indicators.
- Identify, assess, and prioritize security risks associated with the group's information assets, systems, and services.
- Develop and implement security risk mitigation strategies and control measures to protect critical assets and sensitive information.
- Evaluate and manage cybersecurity risks associated with third-party vendors and service providers.
- Collaborate with procurement and legal teams to ensure that vendor contracts include appropriate security requirements.
- Govern compliance with information security policies, standards, and procedures aligned to security strategy, relevant regulations, and industry best practices.
- Collaborate with cross-functional teams, service providers and other stakeholders to ensure consistent enforcement of policies and controls and monitor compliance.
- Ensure the organization's adherence to applicable compliance frameworks, internal control framework and guidelines set out by the Information Security department.
- Facilitate and lead governance and risk committee meetings to ensure consistent application of security standards and policies across all projects, technology platforms and services.
- Manage security audit lifecycle and risk assessments and consistently work towards the improvement of overall security maturity of the organization.
- Prepare and present regular reports on security risk, compliance status, and security posture to senior management and relevant stakeholders.
- Manage an effective education and awareness program for the group to promote a culture of security awareness and compliance.
- Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
- Professional security management certifications such as CISSP, CISM, CISA or other similar credentials.
- Proven experience (7+ years) in a combination of Information Security Governance, Risk, Compliance, and technology-related roles.
- Solid understanding of common information security standards, frameworks, and regulations such as ISO/IEC 27001, Cloud Security Alliance, NIST, PCI DSS and GDPR.
- Knowledge and understanding of the major cloud platforms, Ecommerce, Integration and Customer Technologies.
- An understanding of security technologies such as EDR, VM, DLP, IPS, Firewalls, DevSecOps, SIEM, etc.
- Experience in leading and motivating cross-functional teams to achieve tactical and strategic goals.
- Exceptional problem-solving skills and a results-oriented mindset.
- Excellent communication, collaboration, and interpersonal skills.
- Ability and experience to lead and develop teams.