Manager Cybersecurity Resilience GCA - The Emirates Group
Talent Pal
Dubai
AED 50,000 - 200,000
Job description
Job Purpose:
Own, oversee, and drive Group Cyber Security Resilience in Governance Compliance & Assurance by proactively enforcing and executing an Information Security Management System (ISMS) and a security control framework (based on NIST) while fulfilling the necessary regulatory security compliance requirements (e.g. but not limited to Dubai ISR/PCI/DSS GDPR).
Accountable for establishing, overseeing, and assuring security by design and compliance mitigation across The Emirates Group globally and for providing consultation tools and training required to reinforce the overall cyber security resilience of the group.
Job Accountabilities Linked to Objective Areas:
Lead and drive the implementation of a fit-for-purpose cyber security policy (ISMS) and cyber governance control framework (ISMS) into the Group globally and across all business lines aligned with industry best practice (e.g. NIST). Own the IT liaison to align with other policy bodies in the Group. Facilitate the Cybersecurity Governance (as part of IT steering board) across the group at its highest level.
Drive and oversee Cybersecurity Assurance (1st line of defence) activities ensuring security by design oversight regulatory requirements and consulting to all global and local entities under The Emirates Group including Application Assurance, Web & Mobile Assurance, Infrastructure Assurance, Compliance Assurance, and Program Assurance. Continuously empower delivery organizations to shift-left cybersecurity resilience by acting as the front office for all Cybersecurity capabilities embedded in the respective delivery teams.
Implement and embed security, privacy, and regulatory compliance by design principles ensuring these fundamental requirements are embedded into the IT organization. Provide continuous improvements measured and reported on the current state of Cybersecurity Assurance and drive remediation where required.
Provide continuous Cybersecurity resilience improvement in IT and the Business by empowering and overseeing Cybersecurity resilience activities and delivering on a roadmap to embed DevSecOps into the Emirates IT Culture driving the development of cybersecurity resilient systems that protect the Emirates Group from Cybersecurity threats long term.
Own and manage Cybersecurity regulatory compliance (2nd line of defence) by consulting the Emirates Group in close collaboration with the other Cybersecurity capabilities and business functions (e.g. Finance for PCI/DSS and Legal for GDPR ISR as a Dubai Government requirement) to prevent non-compliances to the compliance frameworks the group signed up to. This role is crucial to apply 2nd line of defence for Emirates Group compliance to regulations and therefore should be at the forefront of evolving regulatory requirements.
Ensure policy and cybersecurity exception and cybersecurity change management is governed and violations/deviations are managed, mitigated, and reported as per governance process and in close collaboration with the Cybersecurity Risk function.
Own and drive IT Business continuity planning and testing as well as IT disaster recovery planning and testing for the Group to achieve the highest levels of operational resilience and necessary recovery.
Drive all cybersecurity-related assessments on behalf of IT in respect to ISR, SAS70, ISO27001 including ongoing management of IT security standards such as PCI DSS as well as EU GDPR in close collaboration with Legal and Internal Audit supported by the subject matter expertise.
Drive industry best practice research to continuously improve and shift-left Group Cyber Security resilience capabilities. Empower and promote cybersecurity self-service across the group.
Establish and orchestrate the CISO global network of Regional or Functional Business Information Officers (BISO) driving the regional or functional implementation of the Cyber Security governance guided by the Group Policies and Standards.
Qualifications & Experience:
Degree or Honours (12 3 or equivalent) in Information Technology/IT Security/Other.
Experience:
10 years in Information Technology.
Minimum 5 years at a senior management level in IT Risk/Cybersecurity.
Hands-on experience in Regulatory Framework implementation, IT operations, and delivery of projects.
Hands-on experience in Threat Modelling (Optional).