Senior Manager - Information Security

Job Overview

The incumbent will lead the design, implementation, and oversight of the organization’s information security and data security guidelines. Responsible for establishing enterprise‑wide cyber resilience, ensuring regulatory compliance, and embedding security‑by‑design across infrastructure, cloud, and business operations. Serve as the organization’s information security lead, providing strategic direction, governance oversight, and assurance to executive management and board committees.

Metrics & Targets

• Policy and SOP:
  Defining and maintaining policies and SOPs to guide the implementation of Information Security requirements.
• Embedding Controls:
  Partnering with stakeholders to embed key information security controls in the day‑to‑day functioning of business and support units.
• Governance:
  Periodic scheduling of Information Security Committee and presenting risks and recommended controls related to Information Security.
• Disaster Recovery:
  Ensure effective deployment, testing, and maintenance of disaster recovery practices for the Company.

• Develop, implement, and maintain an org‑wide cybersecurity strategy aligned with business objectives and technology roadmap.
• Define and enforce cybersecurity policies, standards, and procedures in line with ISO 27001, NIST CSF, PCI‑DSS, UAE IA, GDPR, and local regulations.
• Coordinate the Information Security Committee and report on the security posture, risks, issues, trends, and control maturity to senior management of the Company.
• Prepare the Committee deck for sharing with members post coordination with IT stakeholders to obtain relevant updates.
• Participate in the Technology Change Review Committee to review and assess security risks and controls associated with technology changes.
• Integrate cybersecurity, risk, and privacy considerations into enterprise architecture, IT operations, and project delivery.
• Ensure cyber risk management is embedded into enterprise governance, performance, and assurance frameworks.

• Oversee SOC governance, incident response, threat intelligence integration, and continuous monitoring of security controls.
• Conduct periodic vulnerability assessments, penetration tests, baseline scanning and cyber risk assessments to identify and mitigate potential exposures and track and report issues to senior management.
• Lead incident response planning, simulations, and post‑incident reviews to strengthen resilience and reduce recovery time.
• Define and monitor cybersecurity KPIs to measure performance and support continuous improvement.
• Conduct Technology risk assessments for all IT projects and ensure effective monitoring and reporting of risks.
• Coordinate with IT and business units to ensure timely remediation of audit findings and risk treatment actions.
• Review Risk and Controls Self‑Assessment (RCSA) submission by IT and develop and maintain IS RCSA on a periodic basis to ensure effective risk monitoring, testing and reporting.

• Ensure compliance with cybersecurity, privacy, and data protection requirements under ISO 27001, PCI‑DSS, NIST, UAE IA, CBUAE Notices and other relevant regional laws.
• Manage internal and external cybersecurity audits and oversee certification renewals.
• Collaborate with regulators and external auditors to demonstrate control effectiveness and address compliance gaps.
• Maintain detailed documentation of cybersecurity controls, incident logs, and compliance evidence for governance reporting.

• Guide secure configuration, access management, and encryption practices across IT infrastructure.
• Review network firewall rules, network shared folders and security device configurations to identify issues and recommend fixes.
• Maintain oversight of Data Loss Prevention (DLP) alerts and their escalation to Senior Management.

• Conduct third‑party cybersecurity risk assessments and enforce cybersecurity SLAs in vendor contracts.

• Develop and conduct cybersecurity…