Director – Information Security GRC
Sector: Retail
Location: Dubai (Hybrid)
I am currently working with a leading retail organization that is looking to hire a Director of Information Security GRC to lead and institutionalize cybersecurity governance, risk, and compliance across a complex, multi-market environment.
This is a senior leadership role responsible for shaping the enterprise-wide GRC strategy, driving regulatory confidence, and embedding security accountability across business, technology, and operations.
Key Responsibilities
- Define and execute the Information Security GRC strategy aligned with enterprise risk management and business growth
- Develop and maintain security policies, standards, and governance frameworks aligned to ISO 27001, NIST CSF, and COBIT
- Lead the Information Security Risk Management Framework (ISRMF) including risk identification, assessment, treatment, and reporting
- Oversee regulatory compliance and audit readiness across GDPR, UAE PDPL, KSA PDPL, PCI-DSS, ISO 27001/22301
- Own the Third-Party Cyber Risk Management (TPCRM) program, including vendor onboarding, due diligence, and contract security requirements
- Partner with Legal, Internal Audit, HR, Procurement, Technology, and Retail Operations to embed governance into daily operations
- Lead cybersecurity awareness and compliance programs, including executive training and phishing simulations
- Drive GRC platform adoption and automation, integrating with ITSM, risk registers, and incident management systems
Required Skillset
- Strong leadership experience in cybersecurity governance, risk, and regulatory compliance within large, complex organizations
- Deep knowledge of global and Middle East data protection and security regulations
- Hands-on experience managing ISO certifications, regulatory audits, and multi-framework compliance programs
- Proven ability to engage and influence C-level stakeholders and cross-functional leadership teams
- Expertise in third-party risk management, policy governance, and enterprise risk reporting
- Experience implementing and optimizing GRC platforms, dashboards, and automated workflows
Preferred Background
- Degree in Cybersecurity, Risk Management, Information Assurance, Law, or related field
- Professional certifications such as CISM, CRISC, CGEIT, CISSP, ISO 27001 Lead Auditor, or ITIL
Join Alexander Ash Consulting and take your career to the next level!

