Security Manager - Orient - Group Tech&Dig Platforms - Corporate Serv

Job description / Role

Security Manager - Orient - Group Tech &Dig Platforms - Corporate Services

Overview of the role:

As a crucial member of the Information Governance Risk and Compliance (iGRC) subfunction within the CISO office, the Information Security Manager will be responsible for developing, implementing, and overseeing information risk management strategies to safeguard our organization's information assets and mitigate cybersecurity threats in line with Al-Futtaim Group Information Risk Management and Enterprise Risk Management processes and standards as well as regulatory requirements. Serve as the central liaison for information risk management across aligned enterprise business lines, with prior expertise in insurance and financial sectors. This role requires strong leadership skills, extensive experience in cybersecurity and risk management, deep knowledge in the regulatory requirements of insurance entities within UAE, and the ability to drive collaboration across departments to ensure the highest level of security and compliance.

What you will do:

• Risk Management: Identify and assess risks to information assets, develop and implement strategies to mitigate them, and continuously monitor the effectiveness of risk management processes.
• Compliance Management: Monitor and ensure compliance with applicable laws, regulations, and standards related to information governance and data protection. Stay updated on changes in regulatory requirements and industry best practices. Develop and implement compliance programs and initiatives, including training and awareness programs.
• Stakeholder Engagement: Collaborate with IT, HR, legal, and audit teams to integrate security measures across all departments, ensuring that all aspects of the organization adhere to compliance standards. Facilitate communication and coordination to address security concerns and uphold regulatory requirements.
• Third Party Risk Assessment: Identify and conduct third party risk assessment on all our critical third-party vendors.
• Audit Management: Planning, execution, and oversight of audit activities (internal, external, regulatory, etc.) within the organization to ensure compliance, identify risks, and drive continuous improvement.
• Client Risk Assessments: Completing various client risk assessments carried out by our supporting clients on our infrastructure setup addressing all sections on security controls, data protection, compliance, and business continuity. Conduct and report risk assessment and compliance check as per cycle.

Required skills to be successful:

• Insurance or banking experience
• ADHICS audit passing
• Minimum of 8 years experience
• Communications and negotiations skills
• Stakeholder, program, and vendor management

About the team:

You will be reporting to the Manager of Information GRC.

What equips you for the role:

• Degree in Engineering or equivalent. Should have at least one of the following certifications: CISSP, CISM, CISA, CGRC, GRCP, ISO 27001 LA/LI.
• Minimum of 8 years of experience in the IT or Information risk domain. Knowledge on international standards such as UAE-IA, ADHICS, ISO, PCI-DSS, ITIL, COBIT, NIST, etc.
• Compliance and regulatory knowledge (UAE-Information Assurance and ADHICS).
• Knowledge of current cybersecurity threats, vulnerabilities, and trends.
• Expertise in creating and enforcing security policies, procedures, and guidelines.
• Knowledge of IT infrastructure, including networks, systems, and applications.

Leadership:

• Guiding strong IT and business teams with security initiatives.
• Engagement with senior business executives with the ability to influence.

Functional:

• Expert: Risk management, solution design, IT security management.
• Advanced: Service management, IT project management, IT vendor management, infrastructure and technology.
• Proficient: Business process design, application implementation.

We're here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.

Before you click "apply": Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalized CV to further boost your visibility. Our global talent acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviors but also how candidates align with our values of respect, integrity, collaboration, and excellence.

As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.

About the Company

Established in the 1930's, the Al-Futtaim Group initially operated as a trading enterprise. Rapid development throughout the 1940's and 50's saw it establish itself regionally as an integrated commercial, industrial and services organisation, positioning itself one of the leading business houses in the lower Gulf region. Today, it operates collectively over 40 companies bearing the Al-Futtaim name, dominates many market segments in the UAE, and has expanded its sphere of operation to include Bahrain, Kuwait, Qatar, Oman and Egypt.

The Group comprises a diverse range of strategically positioned operating subsidiaries and associate companies, structured to give the Al-Futtaim Group the flexibility and versatility to keep ahead of local competition while keeping pace with the ever-evolving global business scenario. The Groups continued investment in world-class systems technology is clear evidence of its commitment to maintain leading edge performance and service delivery.

The success of the Al-Futtaim Group can be attributed to a business approach that combines the ability to change with the traditional values of integrity, service and social responsibility that define its core business philosophy. This, linked with the Groups belief in decentralisation, gives the heads of the operating companies a high degree of functional autonomy and authority, providing the Group with essential flexibility, and individual employees a clearly defined work culture and sense of responsibility.