Security Manager - Orient | Group Tech &Dig Platforms | Corporate Services

Job Requisition ID: [[167114]] 

Established in the 1930s as a trading business, Al-Futtaim Group today is one of the most diversified and progressive, privately held regional businesses headquartered in Dubai, United A”rab Emirates. Structured into five operating divisions; automotive, financial services, real estate, retail and healthcare; employing more than 35,000 employees across more than 20 countries in the Middle East, Asia and Africa, Al-Futtaim Group partners with over 200 of the world's most admired and innovative brands. Al-Futtaim Group’s entrepreneurship and relentless customer focus enables the organisation to continue to grow and expand; responding to the changing needs of our customers within the societies in which we operate. 

By upholding our values of respect, excellence, collaboration and integrity; Al-Futtaim Group continues to enrich the lives and aspirations of our customers each and every day.

Overview of the role:

As a crucial member of the information Governance Risk and Compliance (iGRC) subfunction within the CISO office, The Information Security Manager will be responsible for developing, implementing, and overseeing information risk management strategies to safeguard our organization's information assets and mitigate cybersecurity threats in line with Al-Futtaim Group Information Risk Management and Enterprise Risk Management processes and standards as well as regulatory requirements. Serve as the central liaison for information risk management across aligned enterprise business lines, with prior expertise in insurance, and financial sectors. This role requires strong leadership skills, extensive experience in cybersecurity and risk management, deep knowledge in the regulatory requirements of insurance entities within UAE and the ability to drive collaboration across departments to ensure the highest level of security and compliance.

What you will do:

• Risk Management

Identify and assess risks to information assets, develop and implement strategies to mitigate them, and continuously monitor the effectiveness of risk management processes.

• Compliance Management

Monitor and ensure compliance with applicable laws, regulations, and standards related to information governance and data protection. Stay updated on changes in regulatory requirements and industry best practices. Develop and implement compliance programs and initiatives, including training and awareness programs.

• Stakeholder Engagement

Collaborate with IT, HR, legal, and audit teams to integrate security measures across all departments, ensuring that all aspects of the organization adhere to compliance standards. Facilitate communication and coordination to address security concerns and uphold regulatory requirements.

• Third Party Risk Assessment

Identify and conduct third party risk assessment on all our critical third-party vendors.

• Audit Management

Planning, execution, and oversight of audit activities (internal, external, regulatory, etc.) within the organization to ensure compliance, identify risks, and drive continuous improvement.

• Client Risk Assessments

Completing various client risk assessments carried out by our supporting clients on our infrastructure setup addressing all sections on security controls, data protection, compliance, and business continuity.

Conduct and report risk assessment and compliance check as per cycle.

Required Skills to be successful:

• Insurance or banking experience 
• ADHICS Audit passing 
• Minimum of 8 years experience 
• Communications & Negotiations skills 
• Stakeholder, program & Vendor management 
   

About the Team:

You will be reporting to Manager Information GRC

What equips you for the role:

• Degree in Engineering or equivalent. Should have at least one of the following certifications: CISSP, CISM, CISA, CGRC, GRCP, ISO 27001 LA/LI
•  Minimum of 8 years of experience in the IT or Information risk domain. Knowledge on International Standards such as UAE-IA, ADHICS, ISO, PCI-DSS, ITIL, COBIT, NIST, etc.
•  Compliance and Regulatory Knowledge (UAE-Information Assurance and ADHICS)
•  Knowledge of current cybersecurity threats, vulnerabilities, and trends.
•  Expertise in creating and enforcing security policies, procedures, and guidelines.
•  Knowledge of IT infrastructure, including networks, systems, and applications.

Leadership:

• Guiding strong IT and business team with security initiatives
• Engagement with senior Business executives with ability to influence 

 
Functional:
       Expert

• Risk Management
• Solution design
• IT Security Management

       Advanced

• Service Management
• IT Project Management
• IT Vendor Management
• Infrastructure and Technology

       Proficient

• Business Process Design
• Application Implementation
   

We’re here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.

Before you click “apply”: Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalised CV to further boost your visibility. Our global Talent Acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviours, but also how candidates align with our Values of Respect, Integrity, Collaboration, and Excellence.

As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.