Information Security GRC Manager

Job description / Role

INSPIRE | EXHILARATE | DELIGHT

For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.

Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.

What you'll be doing:

We are seeking an experienced Information Security GRC Manager to work in the Information Security function of the group. You will play a key role in safeguarding the group's information assets and infrastructure and ensuring compliance with industry standards, regulations, and internal control frameworks. This position demands a strategic thinker with a solid risk management and ISO background, capable of managing and mitigating cyber risks through strong collaboration with cross-functional teams and relevant stakeholders.

Responsibilities

Risk Management

- Implement risk management processes and capability to enable continuous monitoring of control effectiveness and key risk indicators.
- Identify, assess, and prioritize security risks associated with the group's Information assets, systems, and services.
- Develop and implement security risk mitigation strategies and control measures to protect critical assets and sensitive information.
- Evaluate and manage cybersecurity risks associated with third-party vendors and service providers.
- Collaborate with procurement and legal teams to ensure that vendor contracts include appropriate security requirements.

Policy & Compliance Management

- Govern compliance with information security policies, standards, and procedures aligned to security strategy, relevant regulations, and industry best practices.
- Collaborate with cross-functional teams, service providers and other stakeholders to ensure consistent enforcement of policies and controls and monitor compliance.
- Ensure the organization's adherence to applicable compliance frameworks, internal control framework and guidelines set out by the Information Security department.
- Facilitate and lead governance and risk committee meetings to ensure consistent application of security standards and policies across all projects, technology platforms and services.

Security Audits and Assessments

- Manage security audit lifecycle and risk assessments and consistently work towards the improvement of overall security maturity of the organization.
- Prepare and present regular reports on security risk, compliance status, and security posture to senior management and relevant stakeholders.

Security Awareness and Training

- Manage effective education and awareness program for the group to promote a culture of security awareness and compliance.

Requirements

What you'll need to succeed:

- Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
- Professional security management certifications such as CISSP, CISM, CISA or other similar credentials.
- Proven experience (7+ years) in a combination of Information Security Governance, Risk, Compliance, and technology-related roles.
- Solid understanding of common information security standards, frameworks, and regulations such as ISO/IEC 27001, Cloud Security Alliance, NIST, PCI/DSS and GDPR.
- Knowledge and understanding of the major cloud platforms, Ecommerce, Integration and Customer Technologies.
- An undertsanding of security technologies such as EDR, VM, DLP, IPS, Firewalls, DevSecOps, SIEM, etc.
- Experience in leading and motivating cross-functional teams to achieve tactical and strategic goals
- Exceptional problem-solving skills and a results-oriented mindset.
- Excellent communication, collaboration, and interpersonal skills.
- Ability and experience to lead and develop teams

What we can offer you

With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.

About the Company

The Chalhoub Group is the leading partner for luxury across the Middle East since 1955. As an expert in retail, distribution and marketing services based in Dubai, the group has become a major player in the fashion, beauty and gift sectors regionally.

By blending its Middle East expertise and intimate knowledge of luxury, Chalhoub Group is building brands in the region, by offering service excellence to all its partners and a unique experience to its customers through its passionate teams.

With a growing workforce of more than 9,000 people, implemented in 14 countries, as well as the operating of over 470 retail outlets, the group's success is attributed to its most valued asset of highly skilled and dedicated teams. Professionalism and passion are what fuel the Chalhoub Group's competitive edge in today's market.

By being committed to implementing sustainable practices into their business, the Chalhoub Group has been awarded in 2013 the CSR Label from the Dubai Chamber of Commerce.