[Dubai] Information Security and Data Privacy Officer

Responsibilities

• Develop and oversee the information security strategy of Dubai Entity.
• Ensure compliance with relevant cybersecurity regulations and standards.
• Implement measures to protect IT systems and data from cyber threats.
• Conduct regular security assessments and audits.
• Develop and maintain an incident response plan for cybersecurity breaches.
• Provide regular training and awareness programs on information security.
• Assess and manage cybersecurity risks associated with vendors and third-party service providers.
• Ensure compliance with data protection laws and regulations.
• Develop and implement data protection policies and procedures.
• Oversee the processing of personal data to ensure compliance with relevant laws.
• Ensure data subjects can exercise their rights under data protection laws.
• Develop and implement a data breach response plan.
• Notify regulatory authorities and affected individuals in the event of a data breach.
• Provide regular training on data protection for employees.
• Other Adhoc tasks assigned by Group CTO.

Requirements

• 5 to 8 years experience in a similar role in a large international organisation (within the financial services sector, fintech or blockchain related industry would be deemed an advantage).
• Strong knowledge and understanding of information security, data protection and privacy practices and policies, including information security and privacy frameworks, standards, best practices and information security and data protection regulations, especially in Dubai.
• Experience in implementing a secure development lifecycle and working with Privileged Access Management
• Ability to identify areas for improvement and recommending how to improve them.
• Ability to drive and integrate complex, multi-functional, cross-organizational initiatives.
• The ability to interact with Informa colleagues, build good relationships at all levels and across all business units and organisations, and the ability to influence stakeholders of all levels.
• Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams.
• Demonstrable experience of managing and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals in a matrixed organisational structure.
• Highly self-motivated and directed, with keen attention to detail.
• A good understanding of security frameworks including ISO27001 / NIST / CIS / COSO / RMF / PCI DSS / HIPAA, etc.
• Interest in blockchain and digital assets, and willingness to work with other teams in a highly collaborative start-up fintech environment.
• Well organised, detail oriented, presentable and with excellent communication skills (both verbal and written) in English (Proficency in Mandarin would be deemed an advantage).
• Problem solving, time management, analytical, and investigative skills.
• Professional qualifications pertinent to the sector (i.e. International Association of Privacy Professionals (IAPP) Certification(s) – e.g. CIPP/Asia, CIPM, CIPT, FIP will be highly preferred).
• Be open to performing other responsibilities associated with the position.