Security Manager

Roles and responsibilities

As a crucial member of the information Governance Risk and Compliance (iGRC) subfunction within the CISO office, The Information Security Manager will be responsible for developing, implementing, and overseeing information risk management strategies to safeguard our organization's information assets and mitigate cybersecurity threats in line with Al-Futtaim Group Information Risk Management and Enterprise Risk Management processes and standards as well as regulatory requirements. Serve as the central liaison for information risk management across aligned enterprise business lines, with prior expertise in insurance, and financial sectors. This role requires strong leadership skills, extensive experience in cybersecurity and risk management, deep knowledge in the regulatory requirements of insurance entities within UAE and the ability to drive collaboration across departments to ensure the highest level of security and compliance.

What you will do:

• Risk Management
  

Identify and assess risks to information assets, develop and implement strategies to mitigate them, and continuously monitor the effectiveness of risk management processes.

• Compliance Management
  

Monitor and ensure compliance with applicable laws, regulations, and standards related to information governance and data protection. Stay updated on changes in regulatory requirements and industry best practices. Develop and implement compliance programs and initiatives, including training and awareness programs.

• Stakeholder Engagement
  

Collaborate with IT, HR, legal, and audit teams to integrate security measures across all departments, ensuring that all aspects of the organization adhere to compliance standards. Facilitate communication and coordination to address security concerns and uphold regulatory requirements.

• Third Party Risk Assessment
  

Identify and conduct third party risk assessment on all our critical third-party vendors.

• Audit Management
  

Planning, execution, and oversight of audit activities (internal, external, regulatory, etc.) within the organization to ensure compliance, identify risks, and drive continuous improvement.

Desired candidate profile

Required Skills to be successful:

• Insurance or banking experience
• ADHICS Audit passing
• Minimum of 8 years experience
• Communications & Negotiations skills
• Stakeholder, program & Vendor management
  

About the Team:

You will be reporting to Manager Information GRC

What equips you for the role:

• Degree in Engineering or equivalent. Should have at least one of the following certifications: CISSP, CISM, CISA, CGRC, GRCP, ISO 27001 LA/LI
• Minimum of 8 years of experience in the IT or Information risk domain. Knowledge on International Standards such as UAE-IA, ADHICS, ISO, PCI-DSS, ITIL, COBIT, NIST, etc.
• Compliance and Regulatory Knowledge (UAE-Information Assurance and ADHICS)
• Knowledge of current cybersecurity threats, vulnerabilities, and trends.
• Expertise in creating and enforcing security policies, procedures, and guidelines.
• Knowledge of IT infrastructure, including networks, systems, and applications.
  

Leadership:

• Guiding strong IT and business team with security initiatives
• Engagement with senior Business executives with ability to influence
  

Functional:

Expert

• Risk Management
• Solution design
• IT Security Management
  

Advanced

• Service Management
• IT Project Management
• IT Vendor Management
• Infrastructure and Technology