Information Security, Risk & Governance Manager

Ahmed Seddiqi & Sons

Dubai, UAE

Ref: OP937-29

Job description / Role

Employment: Full Time

Accountable for creating Information Security and Compliance policies, both infrastructure- and application-based, and for assuring that these are being met, supported by the Senior IT Director. Linked to the Internal Audit and Compliance & Risk function. Independent from the delivery of services. Covers all aspects of IT security: applications, infrastructure, legal and regulatory requirements.

KEY ACCOUNTABILITIES

PERFORMANCE MANAGEMENT
- Manages and enhances the Group’s security, risk and governance strategy in a manner that supports the business priorities.
- Contributes to the development of the Group’s IT plan through driving the implementation of the overall Information Security, Risk & Governance strategy.
- Identifies and monitors relevant department KPIs, sets targets, monitors performance against plan and initiates remedial actions in case of discrepancy between actual and expected performance.
- Develops, updates and monitors compliance with relevant sections of the IT policies and procedures manual as well as compliance with the relevant department Delegation of Authority Matrix.
- Liaises with the Senior IT Director and other internal stakeholders to develop and implement the company’s overall IT strategy and plan.

KEY ACCOUNTABILITIES
- Conducts the information security risk assessment program. Reviews compliance with the information security policy and associated procedures.
- Analyses and reports various risk management data, including key risk indicators, identifies trends, provides process oversight, executes supporting tasks, and assures quality and integrity of risk assessments.
- Develops IS security policy for new applications and services.
- Supports IT Operations & Applications Manager with matters pertaining to project initiations and cancellations.
- Maintains a budget and forecast for the IS team and the security monitoring environment and reports on performance against SLAs and budget.
- Maintains awareness of data protection legislation (if applicable) and ensures that security measures adequately protect staff, client and supplier information.
- Actively supports the Senior Director of IT in discussions with the business over security risks and requirements. This will involve advising on the risk and investment implications of changes to service levels.
- Maintains adequate security protection at all points of internal and external threat to the integrity of Group’s systems and data.
- Monitors and oversees all infrastructure, data and network security. Maintains ‘real time’ reporting to the Service Desk and where required to the Service Managers.
- Manages the information security functions in accordance with established IT policies and guidelines.
- Manages and co-ordinates actions with relevant IT personnel to address breaches in security.
- Manages overall Information Security matters pertaining to data retention, loss prevention, access to information, and threats and vulnerability.
- Conducts security training and awareness.
- Participates in external Information Security forums to incorporate current best practice.
- Provides periodic reporting on information security issues to the Senior IT Director.
- Conducts security orientation and security awareness programs with end business users.
- Establishes and maintains logical security to segregate development, test and production environments to ensure adequate protection from unauthorised or accidental access or damage.
- Maintains security management design in line with IS Strategy and business unit needs.
- Maintains records of security-related change requests.
- Provides impact analysis of security-related change requests.
- Implements security-related change requests.
- Develops and motivates team with sufficient skills to enable overall logical and physical IS security requirements to be achieved across the current and planned IT architecture.

COMMUNICATIONS & WORKING RELATIONSHIPS

Internal
- Regular communication with relevant functions to address security, risk and compliance related issues

External
- Suppliers & External Users – reporting on security requirements for services supplied to or by vendors and specification of security requirements

Requirements

- Bachelor’s Degree in Computer Science or related discipline.
- CISSP, PMP, CISM, ITIL certifications are highly desirable.
- 5-6 years' experience in IT Security.

Job-Specific Skills:
- Experience of creating detailed IS security policies and standards
- Ability to assess risk and conduct IT Risk Assessments
- Excellent communication skills – written and verbal – to deal with top IT and Business management when developing cost case for investment in infrastructure or business projects and providing feedback on incidents and their resolution.
- Track record of managing IS security of a similar nature in a regulated industry and achieving high levels of performance and customer satisfaction
- Significant technical and conceptual knowledge and experience of security across a wide range of infrastructures and application systems.

About the Company

Ahmed Seddiqi & Sons is a family-owned entity with a large portfolio of Swiss Watch brands. Thanks to its brand strategy and the vision of the late Mr. Ahmed Seddiqi, Ahmed Seddiqi & Sons has enjoyed a steady expansion since its inception in the late 1940s.

At the group, we believe that each employee contributes to the growth and success of the company, and this is evident with the strong and loyal workforce of 480 plus employees, some of whom have been with the organization since 1968.

Ahmed Seddiqi & Sons is the largest distributor of Swiss Brand watches in the Middle East. We offer world-class and exquisitely designed watches and jewellery. From a humble beginning of a single store in the 1950s, today the Ahmed Seddiqi & Sons portfolio consists of over 50 prestigious brands across 52 locations in the UAE.
