JOB TITLE
Manager - Information Security Governance, Risk & Compliance | MAF Holding | Information Security
ROLE SUMMARY
Digital technologies have come to play a major role in supporting critical business processes, and that includes maintaining their information security and resiliency. Information security is a strategic pillar of the organization's digital transformation strategy.
Based in Dubai, the role holder will be an enabler for ensuring the operationalization of the group information security governance strategy, including ensuring that the related technology investments follow security best practices and remain measurable for efficacy.
JOB DETAILS
Develop and update the GRC dashboard and recommend improvements to the metrics captured therein.
Continuously define and/or refine security measurement metrics across deployed security technologies and capture them for incorporation within the GRC dashboard.
Plan, conduct and incorporate learnings from regular VAPT and other risk assessment exercises to test the adequacy of existing controls.
Ensure that the established information security management (ISMS) framework complies with best practice standards (OWASP / ISO 27001 etc.) and is appropriately replicated across other operating regions.
Contribute to the development and maintenance of technology / IT risk assessments of the technology infrastructure supporting identified critical processes.
Aid fulfilment of regulatory and industry best practices for information security and compliance domains.
Perform IT risk assessments and take them to their levels of maturity in accordance with business needs. Rewrite plans and recommendations where required for improved security posture.
Contribute to policies and standards including deliverables, outputs, activities, services and functions to maintain its objectives.
REQUIREMENTS
Knowledge of the secure software development lifecycle / DevSecOps across IaC and microservices.
Expert knowledge of one or more IT risk assessment methodologies, preferably in a consulting environment.
Knowledge of correlation use cases in SIEM for cloud-first environments and hands-on experience with IT GRC tools such as RSA Archer, MetricStream, Diligent GRC, etc.
8 to 10 years of exposure to multinational / multi-disciplinary operations and technology environments within information security operations and/or information security compliance.
Certified in information security (CISSP) or similar.
WHAT WE OFFER:
At Majid Al Futtaim, we're on a mission to create great moments, to spread happiness, to build experiences that stay in our memories for a lifetime. We're proud to say that over the past 27 years, we have built a reputation as a regional market leader in what we do. Join us!
Work from any country in the world for 30 days a year.
Work in a friendly environment, where everyone shares positive vibes and is excited about our future.
Work with over 50,000 diverse and talented colleagues, all guided by our Leadership Model.