Senior Information Security Manager Chalhoub Group

The Senior Information Security Manager (GRC) at Chalhoub Group (Unit GS, 075, Financial Center Rd, Downtown Dubai, Dubai, UAE) will be responsible for building and managing the Group Information Security GRC function. The function will deliver and manage ISO27001, Information Security Management System (ISMS), NIST CSF, PCI DSS, Supplier Assurance, Risk and Compliance activities. The ISMS caters for multiple complex IT environments and business processes. Reporting to the Director of Information Security, the candidate will develop and lead the IS GRC function and collaborate closely with key stakeholders across the business, suppliers and Technology teams to implement best practice and assure controls to protect important information assets. The function will achieve and maintain certifications and compliance, and achieve alignment with industry standards and best practice. This is a senior-level, full-time job. The salary can range between 15000 and 30000 AED/month.

Responsibilities of Senior Information Security Manager

  • Develop and lead an Information Security GRC team and capabilities.
  • Implement and manage all elements of the ISO27001:2022 ISMS documentation, including Policies, Standards, Controls, associated risk and exceptions registers, and compliance testing.
  • Embed and improve the ISMS controls across the 1st and 2nd line of defense operations and roadmap.
  • Assure compliance with NIST CSF and UCF across the technical ecosystem in partnership with Technology teams.
  • Lead internal and external assurance activities, certification and compliance audits, including control gap analysis and effectiveness assurance reviews across the Group, and prioritize the output with business owners and the Information Security Board.
  • Provide advice, guidance and audit support to control owners.
  • Collaborate with both internal and external auditors and key stakeholders effectively to continually improve the posture of Information Security across the Group.
  • Provide day-to-day SME advice and guidance for change activity relating to implementation against Chalhoub Group policy, standards and controls.
  • Lead Information Security Risk Management: identify, assess and manage information security risks across Chalhoub Group.
  • Develop the Information Security Risk Management framework.
  • Ensure that it aligns and feeds into the organization’s broader corporate risk.
  • Perform risk analysis and manage the risk lifecycle from various sources (e.g. Information Security Risk Assessment, Audit, Security Tests, etc.).
  • Disseminate appropriate risk information to various levels within the organization, as needed.
  • Ensure that key 3rd party suppliers are measured against the ISO27001 control framework, and that any identified risks are managed within Chalhoub Group risk appetite.

What else you will do

  • Monitor the evolving threat landscape and take an intelligence-led approach to factor it into risk assessments.
  • Chair Information Security Risk Committee and Information Security Working Group.
  • Provide Information Security updates as appropriate to the Risk and Crisis Committee.
  • Collaborate and work with stakeholders and interested parties to ensure Chalhoub Group is secure internally and externally.
  • Develop and manage a Group wide Information Security Education and Awareness program for employees and technical teams to embed and mature a culture of security awareness and compliance.

Requirements for Role of Senior Information Security Manager

  • A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Experience in a multi-national retail organization.
  • 5+ years’ experience of ISO27001, NIST CSF, Data Privacy Law, PCI DSS and ITIL.
  • Previous experience developing, implementing and maintaining an Information Security Management System (ISMS), certification/re-certification to ISO27001.
  • Experience in developing and embedding Risk Management Frameworks and associated processes and procedures.
  • Professional Certifications in CISSP.
  • Certified Information Security Manager (CISM) or equivalent.
  • Certified ISO27001 implementer and/or auditor.
  • Certified Information Security Auditor (CISA) is an advantage.

Skills And Knowledge Desired

  • Proven people management and leadership skills including performance management and improvement, measurement of KRIs, situational leadership, issue resolution, negotiation and motivating others.
  • Excellent senior leadership communication skills and demonstrable experience in a customer facing role.
  • Ability to lead, manage and prioritize across multiple work streams simultaneously.
  • Awareness of regulatory requirements of the sector (e.g. UNC, GDPR, NIS Directive, etc.).
  • A solid understanding of Information Security Governance, Risk and Compliance policies, controls and best practice.
  • Proven track record of building and leading an Information Security GRC centre of excellence.
  • Subject Matter Expert in enterprise Risk Management Information Security.

To apply for this job please visit careers.chalhoubgroup.com.

