Deem Finance
Senior Manager - Information Security
Deem Finance, United Arab Emirates, posted 16 hours ago
Full-time, Sales

Job Overview

The incumbent will lead the design, implementation, and oversight of the organization’s information security and data security guidelines. The role is responsible for establishing enterprise-wide cyber resilience, ensuring regulatory compliance, and embedding security-by-design across infrastructure, cloud, and business operations. The incumbent serves as the organization’s information security lead, providing strategic direction, governance oversight, and assurance to executive management and board committees.


Key Performance Indicators (metric and target)

Policy and SOP

Defining and maintaining policies and SOPs to guide the implementation of Information Security requirements

Embedding Controls

Partnering with stakeholders to embed key information security controls in the day-to-day functioning of business and support units

Governance

Periodic scheduling of Information Security Committee and presenting risks and recommended controls related to Information Security

Disaster Recovery

Ensure effective deployment, testing and maintenance of disaster recovery practices for the Company

Job Responsibilities (result area and details)

Cybersecurity Strategy and Governance

  • Develop, implement, and maintain an org-wide cybersecurity strategy aligned with business objectives and technology roadmap.
  • Define and enforce cybersecurity policies, standards, and procedures in line with ISO 27001, NIST CSF, PCI-DSS, UAE IA, GDPR, and local regulations.
  • Coordinate the Information Security Committee and report on the security posture, risks, issues, trends, and control maturity to the senior management of the Company.
  • Prepare the Committee deck for sharing with members after coordinating with IT stakeholders to obtain relevant updates.
  • Participate in the Technology Change Review Committee to review and assess security risks and controls associated with technology changes.
  • Integrate cybersecurity, risk, and privacy considerations into enterprise architecture, IT operations, and project delivery.
  • Ensure cyber risk management is embedded into enterprise governance, performance, and assurance frameworks.

Cybersecurity Operations and Risk Management

  • Oversee SOC governance, incident response, threat intelligence integration, and continuous monitoring of security controls.
  • Conduct periodic vulnerability assessments, penetration tests, baseline scanning, and cyber risk assessments to identify and mitigate potential exposures; track the resulting issues and report them to senior management.
  • Lead incident response planning, simulations, and post-incident reviews to strengthen resilience and reduce recovery time.
  • Define and monitor cybersecurity KPIs to measure performance and support continuous improvement.
  • Conduct technology risk assessments for all IT projects and ensure effective monitoring and reporting of risks.
  • Coordinate with IT and business units to ensure timely remediation of audit findings and risk treatment actions.
  • Review Risk and Controls Self-Assessment (RCSA) submissions by IT, and develop and maintain the IS RCSA on a periodic basis to ensure effective risk monitoring, testing, and reporting.

Compliance, Audit, and Regulatory Alignment

  • Ensure compliance with cybersecurity, privacy, and data protection requirements under ISO 27001, PCI-DSS, NIST, UAE IA, CBUAE Notices and other relevant regional laws.
  • Manage internal and external cybersecurity audits and oversee certification renewals.
  • Collaborate with regulators and external auditors to demonstrate control effectiveness and address compliance gaps.
  • Maintain detailed documentation of cybersecurity controls, incident logs, and compliance evidence for governance reporting.


Security Architecture and Technology Governance

  • Guide secure configuration, access management, and encryption practices across IT infrastructure.
  • Review network firewall rules, network shared folders and security device configurations to identify issues and recommend fixes.
  • Maintain oversight of Data Loss Prevention (DLP) alerts and their escalation to Senior Management.


Vendor and Third-Party Risk Management

  • Conduct third-party cybersecurity risk assessments and enforce cybersecurity SLAs in vendor contracts.


Awareness, Training, and Culture

  • Develop and conduct cybersecurity awareness and training programs across all employee levels.
  • Deliver targeted sessions for high-risk departments and leadership teams to strengthen cyber accountability.
  • Perform phishing simulation exercises to assess the effectiveness of the training program and employees’ awareness.
  • Promote a culture of shared responsibility for information security across the organization.


Leadership, Budget, and Resource Management

  • Lead and mentor cybersecurity, audit, and risk professionals, fostering skill development and performance excellence.
  • Define staffing needs, manage cybersecurity budgets, and optimize investment in technologies and services.
  • Build capability maturity across cyber, risk, and data privacy domains and ensure leadership succession planning.



Role Specifications

Education

  • MBA or Master’s degree in a relevant field of study
  • Professional certifications: CISM, CISA, CDPSE, CISSP (preferred), CEH, CompTIA Security+, or equivalent.

Experience

  • Minimum 12–15 years of experience in information security, IT risk assessment, or cyber risk management, including at least 5 years in a senior leadership role.

Technical

  • Proven success leading cybersecurity and GRC programs in regulated or complex enterprise environments.
  • Strong understanding of ISO 27001, NIST CSF, PCI-DSS, GDPR, UAE Data Protection, and local regulatory frameworks.
  • Expertise in SOC governance, incident response, vulnerability management, and data protection.
  • Experience in cloud security, IT governance, and third-party risk management.

Core Competencies

  • Cybersecurity Leadership and Strategy
  • IT Risk and Compliance Management
  • Security Architecture and Cloud Governance
  • Data Privacy and Protection
  • Regulatory Engagement
  • SOC and Incident Response Oversight
  • Governance Reporting and Risk Communication
  • Team Leadership and Performance Management

Behavioral

  • Strong attention to detail
  • Ability to work effectively and influence people up, down and across the organization
  • Strong communication and interpersonal skills
  • Strong analytical skills
