The Head of Information Security is responsible for developing and leading the organization’s information security strategy, governance frameworks, and operational capabilities. This role ensures the confidentiality, integrity, and availability of information assets across the organization by establishing robust security policies, overseeing compliance with regulatory requirements, managing cybersecurity risks, and leading incident response activities. The incumbent acts as the senior advisor on all cybersecurity and information assurance matters, driving a culture of security awareness across the enterprise.

About the Role

The Head of Information Security is responsible for developing and leading the organization’s information security strategy, governance frameworks, and operational capabilities.

Responsibilities

• Strategy & Governance
• Develop and implement the organization’s information security strategy, policies, and governance frameworks aligned with business objectives and regulatory requirements.
• Establish a Cybersecurity Governance Model, including roles, responsibilities, and escalation paths.
• Provide strategic security leadership and advice to the Executive Management team on emerging cyber threats, security risks, and best practices.
• Ensure alignment with national cybersecurity regulations (e.g., UAE NESA, ADDA ISR, GDPR, ISO 27001).

• Risk Management & Compliance
• Lead the identification, assessment, and mitigation of cybersecurity risks across the organization.
• Oversee periodic security audits, penetration testing, and vulnerability assessments, ensuring timely remediation.
• Ensure compliance with internal policies and external legal/regulatory obligations.
• Develop and maintain a cybersecurity risk register and provide regular reporting to senior leadership.

• Security Operations & Incident Response
• Establish and manage a Security Operations Center (SOC) or external managed services to monitor and respond to security threats.
• Develop and lead incident response and disaster recovery plans, ensuring swift response to security incidents and minimizing business impact.
• Oversee investigations of security breaches and implement corrective actions to prevent recurrence.
• Manage security monitoring tools, SIEM solutions, endpoint protection, and threat intelligence feeds.

• Architecture & Technology
• Ensure security is embedded in IT architecture, applications, and infrastructure through secure-by-design principles.
• Oversee identity and access management, encryption strategies, data loss prevention, and network security architecture.
• Evaluate and implement advanced cybersecurity technologies and AI-driven security solutions where appropriate.

• Leadership & Awareness
• Lead and develop a high-performing information security team, including SOC analysts, security engineers, GRC specialists, and incident response leads.
• Build and promote a culture of security awareness across all departments through training, campaigns, and engagement programs.
• Represent the organization in external cybersecurity forums and government working groups.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field (Master’s preferred).
• 10+ years of experience in cybersecurity, including at least 5 years in leadership roles within large enterprises or government entities.
• Proven experience developing and implementing cybersecurity strategies and managing complex security programs.
• Strong knowledge of information security frameworks and standards (e.g., ISO 27001, NIST, COBIT, CIS Controls).
• Experience with UAE regulatory frameworks (e.g., NESA, ADDA ISR, TDRA guidelines) is highly desirable.
• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor.

Required Skills

• Strategic leadership and stakeholder management.
• In-depth understanding of current and emerging cyber threats and technologies.
• Strong analytical and problem-solving skills.
• Excellent communication skills, with the ability to influence at all levels including board/executive level.
• High integrity, confidentiality, and resilience under pressure.