Role Profile:
Alshaya employed a dedicated security team to implement and maintain the organization's information security program. Typically, this group is led by a chief information officer. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. The value of an organization lies within its information and its security is critical for business operations, as well as retaining credibility and earning the trust of clients.
Information security programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity and availability of IT systems and business data.
The below Key Performance Areas include but are not limited to:
- Define risk governance strategy and ensure alignment with business objectives
- Approve control frameworks and ensure cross-functional adoption
- Report risk trends and remediation status to executive leadership
- Govern exception policy and ensure audit readiness
- Ensure audit outcomes drive continuous improvement
- Lead enterprise-wide audit planning and regulatory alignment
- Present security metrics to board-level stakeholders
- Strategic alignment of risk assessments with business objectives
- Sponsor control initiatives and allocate resources
- Influence business decisions through risk intelligence
- Champion security culture and workforce engagement
- Govern enterprise investigation protocols and legal coordination
- Own policy enforcement governance and regulatory reporting
- Define policy governance and ensure enterprise alignment
- Lead enterprise-wide security programs and stakeholder alignment
- Define exception handling strategy and oversee execution
Knowledge (Desired):
- Authority on ISO governance and regulatory alignment, ensuring frameworks are embedded across the organization.
- Strategic oversight of control architecture, ensuring alignment with compliance requirements and business objectives.
- Executive-level communication of risk posture, security strategy, and compliance status to leadership and stakeholders.
- Leadership in compliance governance, regulatory engagement, and fostering a culture of accountability.
- Effective stakeholder communication and coordination during investigations and legal holds.
- Oversight of performance measurement, continuous improvement, and reporting of security and compliance KPIs.
- Leads enterprise risk alignment, facilitates risk assessments, and engages executive stakeholders in mitigation strategies.
- Governs the full policy lifecycle, ensuring strategic alignment and enforcement of security policies.
- Leads enterprise-wide compliance and risk mitigation programs through cross-functional collaboration.
- Oversees breach response, including senior management notification and crisis management coordination.
Experience
- 10 – 15 Years of Experience
- GRC Manager
- Professional Certification: CISM, CGEIT, ISO 27001 Lead Auditor, CIPM, CRISC, CISA, PCI ISA
Skills:
- Proficient in Risk Management: Skilled in identifying, evaluating, and mitigating enterprise-level risks.
- Hands-on experience with GRC tools: Practical knowledge of platforms such as Archer, ServiceNow GRC, or equivalent for managing governance, risk, and compliance workflows.
- Strategic oversight of security controls: Ability to design, implement, and monitor control frameworks aligned with regulatory standards.
- Expertise in ISO and regulatory frameworks: Deep understanding of ISO standards and global compliance requirements (e.g., GDPR, PCI DSS).
- Policy governance: Capable of managing the full lifecycle of security policies and ensuring strategic alignment with business objectives.
- Compliance leadership: Drives compliance awareness and engagement across departments, including regulatory liaison.
- Risk communication: Communicates risk posture and mitigation strategies effectively to executive leadership and stakeholders.
- Incident response coordination: Leads breach response efforts, including senior management notification and crisis handling.
- Performance metrics and evaluation: Oversees the development and tracking of key performance indicators for continuous improvement.
- Cross-functional collaboration: Leads enterprise-wide initiatives for compliance, risk mitigation, and audit readiness.