Job description / Role
For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.
Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.
Today, Chalhoub Group stands for 14,000 skilled and talented professionals across seven countries, whose cohesive efforts have resulted in the Group being ranked third in the Middle East and first in Saudi Arabia as a Great Place to Work®.
To keep the innovation journey going, the Group has set up "The Greenhouse", which is not just an innovation hub, but also an incubator space and accelerator for start-ups and small businesses in the region and internationally. This is just one of the several initiatives taken by the Group to reinvent itself, catalysed by forward thinking and future-proofing. The Group has also been embedding sustainability at the core of its business strategy with a clear commitment towards people, partners and the planet, and by being a member of the United Nations Global Compact Community and signatory of the Women's Empowerment Principles.
This is a fantastic opportunity for a Security Professional to join a leading retail group in the middle east, working as part of the IT Services team. The candidate will work in the Tech Security team to support and expand the Tech Security function in security operations, threat hunting and vulnerability management domains.
Purpose of the role
Safeguards information system assets by identifying and solving potential and actual security problems. The Security Operations Manager role has a broad range of responsibilities, with a primary emphasis on incident response, threat and event monitoring and vulnerability management.
What you'll be doing:
- Develop and revise processes to strengthen the current operating model for Security Operations, review and develop relevant policies, procedures, and runbooks to address emerging and changing threats.
- Responsible for IT security incident response and ensuring security incidents are logged, escalated, and responded to in line with SLAs defined for SOC services.
- Act as the primary point of contact for security-related incidents, invoke CSIRT for critical incidents and engage DFIR partner as and when required.
- For major incidents provide central oversight and communication to IT Leadership, Business Leadership, and relevant external stakeholders on security risk and mitigation strategies.
- Monitor Managed Security Service Provider (MSSP) and identify any areas of improvement by producing relevant KPIs and metrics. Report with recommendations on how to improve services to Senior IT Management
- Work closely with MSSP and internal stakeholders to ensure the effectiveness of SIEM, use cases, consistency and coverage of the critical platform monitoring under SOC, and timely closure of the security incidents.
- Manage the interaction between MSSP and internal tech/operations teams and ensure a smooth flow of incident tickets and remediation activities.
- Develop clear and concise operational reporting metrics including KRIs (key risk indicators) for technical teams and senior management reporting.
- Develop and maintain incident response plans and ensure they are regularly tested and updated.
- Stay up to date on the latest security regulations, advisories, alerts, and vulnerabilities and communicate to the technical and business stakeholders as necessary.
- Lead and own vulnerability management covering the end-to-end lifecycle (identification, investigation, response, and remediation). Develop and maintain vulnerability management process, and SLAs for remediation and reporting metrics.
- Work closely with MSSP's vulnerability management team, internal tech service owners and product managers to ensure any vulnerabilities are assigned and remediated in a timely manner.
- Oversight, planning and execution of any required VAPT tests, forensic audits, or related investigations.
- Build and maintain a positive working relationship with the service providers.
What you'll need to succeed:
- Bachelors or master's degree in computer science or related discipline
- Achieved one or more of information security certifications (e.g., GSOC, CISSP, CISM, Cloud security certifications, etc.)
- 5-8 years or more experience of working in multiple IT Security domains in a large organization, preferably in Retail industry
- 3 years or more experience of managing security operations and working with security service providers.
- Strong knowledge and experience of implementing security automation tools and techniques in a hybrid, multi-cloud environment.
- Strong understanding of security risk management and experience of writing security risks identified from security incidents and vulnerability management.
- Solid understanding of security threat management frameworks and attack/defense techniques including MITRE Att&ck, and OWASP.
- Practical knowledge of security defense techniques for E-Commerce web and mobile applications, cloud platforms, network infrastructure, end user computing and APIs.
- Ability to explain technical complex concepts and operational data / reports (e.g. incident and vulnerability remediation trends) to non-technical audiences combined with excellent communication, presentation and organizational skills.
- Knowledge of security and privacy standards and frameworks including ISO 27001, PCI DSS, GDPR etc.
- Demonstrably self-motivated, pro-active, action orientated to achieve deadlines
What we can offer you
With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.
We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.
We Invite All Applicants to Apply
It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.
We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.
About the Company
The Chalhoub Group is the leading partner for luxury across the Middle East since 1955. As an expert in retail, distribution and marketing services based in Dubai, the group has become a major player in the fashion, beauty and gift sectors regionally.
By blending its Middle East expertise and intimate knowledge of luxury, Chalhoub Group is building brands in the region, by offering service excellence to all its partners and a unique experience to its customers through its passionate teams.
With a growing workforce of more than 9,000 people, implemented in 14 countries, as well as the operating of over 470 retail outlets, the group's success is attributed to its most valued asset of highly skilled and dedicated teams. Professionalism and passion are what fuel the Chalhoub Group's competitive edge in today's market.
By being committed to implementing sustainable practices into their business, the Chalhoub Group has been awarded in 2013 the CSR Label from the Dubai Chamber of Commerce.