Own, oversee and drive Group Cyber Security Resilience in Governance, Compliance & Assurance by proactively enforcing and executing an Information Security Management System (ISMS) and a security control framework (based on NIST) while fulfilling the necessary regulatory security compliance requirements (e.g. but not limited to Dubai ISR/PCI/DSS, GDPR).
Accountable for establishing and overseeing and assuring security-by-design and compliance mitigation across The Emirates Group globally and for providing consultation, tools, and training required to reinforce the overall cyber security resilience of the group.
Job Accountabilities Linked to Objective Areas:
Lead and drive the implementation of a fit-for-purpose cyber security policy (ISMS) and cyber governance control framework (ISMS) into the Group globally and across all business lines, aligned with industry best practice (e.g. NIST). Own the IT liaison to align with other policy bodies in the Group. Facilitate the Cybersecurity Governance (as part of IT steering board) across the group at its highest level.
Drive and oversee Cybersecurity Assurance (1st line of defence) activities, ensuring security-by-design oversight, regulatory requirements and consulting to all global and local entities under The Emirates Group, including Application Assurance, Web & Mobile Assurance, Infrastructure Assurance, Compliance Assurance and Program Assurance. Continuously to empower delivery organisations to shift-left cybersecurity resilience by acting as the front office for all Cybersecurity capabilities embedded in the respective delivery teams.
Implement and embed security, privacy and regulatory compliance by design principles, ensuring these fundamental requirements are embedded into the IT organisation. Provide continuous improvements measured and reported on the current state of Cybersecurity Assurance and drive remediation where required.
Provide continuous Cybersecurity resilience improvement in IT and the Business by empowering and overseeing Cybersecurity resilience activities and delivering on a roadmap to embed DevSecOps into the Emirates IT Culture, driving the development of cybersecurity resilient systems that protect the Emirates Group from Cybersecurity threats long term.
Own and manage Cybersecurity regulatory compliance (2nd line of defence) by consulting the Emirates Group, in close collaboration with the other Cybersecurity capabilities and business functions (e.g. Finance for PCI/DSS and Legal for GDPR, ISR as a Dubai Government requirement) to prevent non-compliances to the compliance frameworks the group signed up to. This role is crucial to apply 2nd line of defence for Emirates Group compliance to regulations and therefore should be at the forefront of evolving regulatory requirements.
Ensure policy and cybersecurity exception and cybersecurity security change management is governed and violations/deviations are managed, mitigated and reported as per governance process and in close collaboration with the Cybersecurity Risk function.
Own Drive IT Business continuity planning and testing as well as IT disaster recovery planning and testing for the Group to achieve highest levels of operational resilience and necessary recovery.
Drive all cyber security-related assessment on behalf of IT in respect to ISR, SAS70, ISO27001, including ongoing management of IT security standards such as PCI DSS as well as EU GDPR, in close collaboration with Legal and Internal Audit, supported by the subject matter expertise.
Drive industry best practice research to continuously improve and shift-left Group CyberSecurity resilience capabilities. Empower and promote cybersecurity self-service across group.
Establish and orchestrate the CISO global network of Regional or Functional Business Information Officers (BISO), driving the regional or functional implementation of the Cyber Security governance guided by the Group Policies and Standards.
