Security Manager – Orient | Group Tech & Dig Platforms | Corporate Services
Job Requisition: 167114
Overview of the role: As a crucial member of the Information Governance Risk and Compliance (iGRC) subfunction within the CISO office, the Information Security Manager will be responsible for developing, implementing, and overseeing information risk management strategies to safeguard our organization’s information assets and mitigate cybersecurity threats in line with Al‑Futtaim Group Information Risk Management and Enterprise Risk Management processes and standards as well as regulatory requirements.
The role requires strong leadership skills, extensive experience in cybersecurity and risk management, deep knowledge of the regulatory requirements of insurance entities within UAE, and the ability to drive collaboration across departments to ensure the highest level of security and compliance.
- Risk Management: Identify and assess risks to information assets, develop and implement strategies to mitigate them, and continuously monitor the effectiveness of risk management processes.
- Compliance Management: Monitor and ensure compliance with applicable laws, regulations, and standards related to information governance and data protection. Stay updated on changes in regulatory requirements and industry best practices. Develop and implement compliance programs and initiatives, including training and awareness programs.
- Stakeholder Engagement: Collaborate with IT, HR, legal, and audit teams to integrate security measures across all departments, ensuring that all aspects of the organization adhere to compliance standards. Facilitate communication and coordination to address security concerns and uphold regulatory requirements.
- Third-Party Risk Assessment: Identify and conduct third-party risk assessments on all our critical third‑party vendors.
- Audit Management: Plan, execute, and oversee audit activities (internal, external, regulatory, etc.) within the organization to ensure compliance, identify risks, and drive continuous improvement.
- Client Risk Assessments: Conduct various client risk assessments carried out by our supporting clients on our infrastructure setup, addressing all sections on security controls, data protection, compliance, and business continuity.
- Conduct and report risk assessments and compliance checks as per cycle.
- Insurance or banking experience
- ADHICS Audit passing
- Minimum of 8 years' experience
- Communications & Negotiation skills
- Stakeholder, program & Vendor management
You will be reporting to Manager Information GRC.
What equips you for the role:
- Degree in Engineering or equivalent. Should have at least one of the following certifications: CISSP, CISM, CISA, CGRC, GRCP, ISO 27001 LA/LI
- Minimum of 8 years of experience in the IT or Information risk domain. Knowledge of international standards such as UAE‑IA, ADHICS, ISO, PCI‑DSS, ITIL, COBIT, NIST, etc.
- Compliance and Regulatory Knowledge (UAE‑Information Assurance and ADHICS)
- Knowledge of current cybersecurity threats, vulnerabilities, and trends.
- Expertise in creating and enforcing security policies, procedures, and guidelines.
- Knowledge of IT infrastructure, including networks, systems, and applications.
- Guiding strong IT and business team with security initiatives
- Engagement with senior Business executives with ability to influence
- Risk Management
- Solution design
- IT Security Management
- Service Management
- IT Project Management
- IT Vendor Management
- Infrastructure and Technology
- Business Process Design
- Application Implementation