Senior Security Operations & Risk Analyst

Job description / Role

Who we are

Chalhoub is the leading luxury retailer in the Middle East. With more than 700 stores, 300 brands, and 60 years of experience in the region, we are the premiere destination for luxury goods. To fuel the next stage of the organisation's growth, we are looking to develop a world class digital and e-commerce capability. Building on our strong data foundations, we are looking to create an agile and truly customer-centric organisation to deliver significant growth. We are looking for top talent to join us on this journey.

The role

This is a fantastic opportunity for a Security Professional to join a leading retail group in the middle east, working as part of the IT Services team. The candidate will work in the Tech Security team to support and expand the Tech Security function in Security Operations, Risk and Compliance domains.

What you'll be doing

- Define security policies, procedures, and other artifacts to support and maintain the Information Security Management System (ISMS).
- Develop, maintain and publish up-to-date security policies, standards and guidelines and oversee training and distribution of security policies and practices across the organization.
- Perform regular reviews of the security controls, policies and guidelines and keep them fit for purpose with continuous improvement.
- Prepare and own compliance reporting and keep tracking and improving the compliance levels against internal security controls framework.
- Own and improve internal security control framework, ensuring the Group is meeting its compliance requirements.
- Assist in improving the security risk framework, aligning it with global risk frameworks.
- Maintain the security risk register and track risk mitigation activities, working with stakeholders and action owners.
- Plan and scope IT internal audit reviews, including meeting the key stakeholders, drafting and agreeing audit Terms of Reference.
- Review third party contracts, service agreements, proposals and SoW documents for security and privacy compliance.
- Drive a culture of understanding and awareness around Information Security risks.
- Stay up to date on the latest security regulations, advisories, alerts, and vulnerabilities and communicate to the technical and business stakeholders as necessary.
- Work closely with Managed Security Service Providers and internal stakeholders to ensure the effectiveness of SIEM, use cases, consistency and coverage of the critical platform monitoring under SOC, and timely closure of the security incidents.
- Lead incident and vulnerability investigation, response, and remediation. For major incidents provide central oversight and communication to IT Leadership, Business Leadership, and relevant external stakeholders on security risk and mitigation strategies.
- Work with technical service owners and product managers to ensure any vulnerabilities (identified as part of regular or ad-hoc scans) are assigned and remediated as per the defined SLAs.

Requirements

What you'll need to succeed:

- Bachelors or master's degree in computer science or IT or related discipline
- Achieved one or more of information security certifications (e.g., CISSP, CISM, ISO 27001 LA/LI, Cloud technology certifications, etc.)
- 5 years or more experience of working in a large organization, preferably in Retail industry.
- Understanding of security risk analysis tools and techniques
- Experience of security compliance initiatives within an enterprise technology environment such as NIST CSF, CSA, PCI DSS, ISO 27001
- Experience with IT assurance functions and Information Security auditing using recognized audit frameworks and techniques
- Understanding of E-Commerce and cloud platforms, network architecture, protocols, OSI layers, application security and security design principles.
- Understanding of security tools and techniques such as DLP, EDR, WAF, MFA etc.
- Working knowledge of global and regional data protection legislations and standards such as GDPR, ADGM and ISO 27701
- Ability to explain technical complex concepts to non-technical audiences combined with excellent communication and organizational skills
- Committed to own personal development within security governance and risk
- Demonstrably self-motivated, pro-active, action orientated to achieve deadlines

What we can offer you

With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.

About the Company

The Chalhoub Group is the leading partner for luxury across the Middle East since 1955. As an expert in retail, distribution and marketing services based in Dubai, the group has become a major player in the fashion, beauty and gift sectors regionally.

By blending its Middle East expertise and intimate knowledge of luxury, Chalhoub Group is building brands in the region, by offering service excellence to all its partners and a unique experience to its customers through its passionate teams.

With a growing workforce of more than 9,000 people, implemented in 14 countries, as well as the operating of over 470 retail outlets, the group's success is attributed to its most valued asset of highly skilled and dedicated teams. Professionalism and passion are what fuel the Chalhoub Group's competitive edge in today's market.

By being committed to implementing sustainable practices into their business, the Chalhoub Group has been awarded in 2013 the CSR Label from the Dubai Chamber of Commerce.