As a humble family business that started on the banks of the Dubai Creek in the 1930s, Al-Futtaim has expanded to a presence in 31 countries, a portfolio of over 200 companies, and 42,000 employees. You’ll find us in industries ranging from automotive and retail, to finance and real estate, and connecting people with international names like Lexus, Ikea, Robinsons, and Adidas. Our team is proudly multicultural and multinational because that kind of diverse representation gives us the global mindset to grow and impact the people, markets, and trends around us.
Come join us to live well, work better, and be the best.
About the Role
The Head of Information GRC is responsible for assessing and documenting Al-Futtaim’s compliance and risk posture as they relate to its information assets and systems.
The purpose of this position is to provide information security expertise for the development and implementation of the IT and Information risk, compliance and governance management programs. Responsibilities require leadership and people management experience, as well as expertise to ensure effective system-wide security analysis; compliance; risk assessment; awareness and education; and development of policies, standards and guidelines.
About the Responsibilities
Work cross-functionally across all levels in the organization. Represent Information GRC activities to all levels, including Executive Management.
Document, agree and coordinate transfer of 2nd Line of Defence activities from GIAD to EIT iGRC.
Manage cross-functional coordination with Enterprise Risk Management, EIT Management and Internal Audit.
Create, maintain and regularly communicate Information Security Policies, Standards, and Processes.
Lead the development and implementation of the risk management function for the information security program to ensure information security risks are identified, monitored and reported to senior management.
Conduct regular compliance reviews to identify adherence to, or gaps in, information security controls.
Manage the organisation-wide Information Security Awareness and EIT-wide Risk Management training.
Implement and manage the Information Security GRC tool.
Manage all security-related audits (internal, external, regulatory, etc.).
Develop, monitor, and report on key metrics (KPIs and KRIs) for risk, compliance and operating effectiveness of internal controls.
About the Requirements
Education:
Degree in Computer Science, or equivalent. Must have relevant industry certifications from GIAC, ISACA, ISC2, EC-Council, SECO-Council, or similar in Risk Management, Information Security, or Audit.
Minimum Experience and Knowledge:
Minimum of 10 years’ experience in the Information Security domain with demonstrable experience working within Audit, Risk and Compliance activities. Knowledge of and experience with international standards such as ISO2700x, PCI-DSS, COBIT, NIST Cyber Security standards, etc.
Job-Specific Skills:
Risk Management – expert knowledge of information security risk management frameworks and practices
Audit Management – ability to constructively manage external and internal auditors
Compliance – knowledge of PCI-DSS, GDPR and ideally UAE NESA compliance
Leadership:
Engagement with senior Business executives with ability to influence
Able to recognize, coordinate, and motivate stakeholders in cross-departmental initiatives
Able to identify and recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security control gaps, decisions regarding risk, and measures for improving computer and network security.
Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
Execute a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
Perform other duties as assigned to ensure the smooth functioning of the team and maintain the reputation of the organization.
Functional:
Expert
Information Security principles and practices
Risk Management principles and practices
Advanced
Systems Development – Advanced knowledge of security architecture and software assurance practices
People management – ability to lead and develop team members
Proficient
SDLC and Project Management methodologies
ITIL and Service Management principles
IT Vendor Management
Business Process Design
We’re here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.
Before you click “apply”: Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalised CV to further boost your visibility. Our global Talent Acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviours, but also how candidates align with our Values of Respect, Integrity, Collaboration, and Excellence.
As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.