Alexander Ash Consulting

Director – IT Governance, Risk & Compliance (GRC)

United Arab Emirates · Full-time · Director

Director – Information Security GRC

Sector: Retail

Location: Dubai (Hybrid)

I am currently working with a leading retail organization that is looking to hire a Director of Information Security GRC to lead and institutionalize cybersecurity governance, risk, and compliance across a complex, multi-market environment.

This is a senior leadership role responsible for shaping the enterprise-wide GRC strategy, driving regulatory confidence, and embedding security accountability across business, technology, and operations.

Key Responsibilities

  • Define and execute the Information Security GRC strategy aligned with enterprise risk management and business growth
  • Develop and maintain security policies, standards, and governance frameworks aligned to ISO 27001, NIST CSF, and COBIT
  • Lead the Information Security Risk Management Framework (ISRMF) including risk identification, assessment, treatment, and reporting
  • Oversee regulatory compliance and audit readiness across GDPR, UAE PDPL, KSA PDPL, PCI-DSS, ISO 27001/22301
  • Own the Third-Party Cyber Risk Management (TPCRM) program, including vendor onboarding, due diligence, and contract security requirements
  • Partner with Legal, Internal Audit, HR, Procurement, Technology, and Retail Operations to embed governance into daily operations
  • Lead cybersecurity awareness and compliance programs, including executive training and phishing simulations
  • Drive GRC platform adoption and automation, integrating with ITSM, risk registers, and incident management systems

Required Skillset

  • Strong leadership experience in cybersecurity governance, risk, and regulatory compliance within large, complex organizations
  • Deep knowledge of global and Middle East data protection and security regulations
  • Hands-on experience managing ISO certifications, regulatory audits, and multi-framework compliance programs
  • Proven ability to engage and influence C-level stakeholders and cross-functional leadership teams
  • Expertise in third-party risk management, policy governance, and enterprise risk reporting
  • Experience implementing and optimizing GRC platforms, dashboards, and automated workflows

Preferred Background

  • Degree in Cybersecurity, Risk Management, Information Assurance, Law, or related field
  • Professional certifications such as CISM, CRISC, CGEIT, CISSP, ISO 27001 Lead Auditor, or ITIL

Key Skills

cybersecurity cissp gdpr nist dss

Posted: Jan 16, 2026
Type: Full-time
Level: Director
Location: Dubai
Industries: Retail
Categories: Information Technology
