Senior Information Security Manager - Governance, Risk & Compliance

Be among the first applicants.
Chalhoub Group
United Arab Emirates
AED 50,000 - 200,000
3 days ago
Job description

INSPIRE | EXHILARATE | DELIGHT

For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.

Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.

What You'll Be Doing
The Information Security Governance, Risk, and Compliance (IS GRC) Senior Manager will be responsible for building, developing, and managing the Group's Information Security GRC function. This critical function will deliver and maintain key governance, risk, and compliance activities, including the management of ISO27001, PCI DSS, Supplier Assurance, and associated risk management initiatives. The ISMS supports a diverse set of complex IT environments and business processes.

Reporting to the Director of Information Security, the IS GRC Senior Manager will collaborate closely with key stakeholders across the business, suppliers, and Technology teams to implement industry best practices, maintain certifications, and assure controls that protect critical information assets. The role requires a proven leader with expertise in designing and embedding effective governance, risk management, and compliance programs across a global organization.

Key Responsibilities:

  1. Governance
    - Develop and Lead the IS GRC Function
    - Build and manage a Group-wide Information Security GRC function to establish and enforce governance practices that align with organizational goals and regulatory requirements.
    - Lead the development and ongoing maintenance of an Information Security Management System (ISMS) compliant with ISO27001:2022, PCI DSS, and other frameworks.
  2. Policy Development and Implementation
    - Create and maintain robust information security policies, standards, and procedures, ensuring alignment with the organization's operational and compliance requirements.
    - Oversee the enforcement and periodic review of these policies to ensure they remain effective and up to date.
  3. Steering Committee and Governance Reporting
    - Provide regular updates on Information Security risks, compliance, and control effectiveness to the Risk and Crisis Committee, Information Security Board, and other relevant governance bodies.
    - Chair the Information Security Risk Committee and Information Security Working Group, ensuring the effective communication and management of security risks.
  4. Risk Management
    - Develop, implement, and continuously improve the Information Security Risk Management Framework to ensure alignment with the Group's corporate risk management processes.
    - Identify, assess, and manage information security risks across the Group, incorporating findings from risk assessments, audits, and external testing.
  5. Supplier Assurance and Third-Party Risk Management
    - Ensure key third-party suppliers are assessed against the ISO27001 control framework, with identified risks managed within the Group's risk appetite.
  6. Threat Intelligence and Monitoring
    - Monitor the evolving threat landscape and integrate threat intelligence into the risk assessment process.
  7. Assurance and Audit
    - Lead internal and external assurance, including certification and compliance audits.
  8. Collaboration and Stakeholder Engagement
    - Partner with Technology teams to embed ISMS controls across the business and ensure compliance with security standards.
  9. Education and Awareness
    - Develop and manage a Group-wide Information Security Education and Awareness Program to foster a culture of security awareness and compliance among employees and technical teams.
  10. Advisory and Operational Excellence
    - Provide subject matter expertise on the implementation and assurance of information security policies, standards, and controls in alignment with Group objectives.

What You'll Need To Succeed:
  1. Proven experience in a multi-national retail organisation.
  2. Proven track record of building and leading an Information Security GRC centre of excellence.
  3. Significant knowledge and 5+ years' experience of ISO27001, NIST CSF, Data Privacy Law, PCI DSS and ITIL.
  4. Awareness of the regulatory requirements of the sector (e.g. UNC, GDPR, NIS Directive, etc.).
  5. A solid understanding of Information Security Governance, Risk and Compliance policies, controls and best practice.
  6. Previous experience developing, implementing and maintaining an Information Security Management System (ISMS), certification/re-certification to ISO27001.
  7. Subject Matter Expert in enterprise Risk Management - Information Security.
  8. Experience in developing and embedding Risk Management Frameworks and associated processes and procedures.
  9. Proven people management and leadership skills including performance management and improvement, measurement of KRIs, situational leadership, issue resolution, negotiation and motivating others.
  10. Excellent senior leadership communication skills and demonstrable experience in a customer facing role.
  11. Ability to lead, manage and prioritise across multiple work streams simultaneously.
  12. Professional Certifications, including:
    - Certified Information Security Manager (CISM) or equivalent.
    - CISSP.
    - Certified ISO27001 implementer and/or auditor.
    - Certified Information Systems Auditor (CISA) is an advantage.

What We Can Offer You
With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.

We Invite All Applicants to Apply

It takes diversity of thought, culture, background, differing abilities and perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.

Department: TECH