Manager, Information Security

Date: 10-Jan-2023

Location: Dubai, AE

Company: Majid Al Futtaim

Majid Al Futtaim invites you to join us in our quest to create great moments for everyone, everyday! We are the leading shopping mall, residential communities, retail and leisure pioneer across the Middle East, Africa and Asia, serving over 560 million visitors a year. For the past two decades, we have shaped the consumer landscape across the region, transforming the way people shop, live and play, while maintaining a strong sustainability track record and the largest mall in the world to attain LEED Gold EBOM Certification. We have over 40,000 team members in 15 international markets representing over 100 nationalities – all keeping the customer at the heart of everything we do. If you enjoy being BOLD, PASSIONATE and TOGETHER, then Majid Al Futtaim is the destination for you.

Role Purpose:

The role reports to the Senior Manager, Risk, and is responsible for driving the governance and oversight of the MAFP Information Security (IS) Management Program as well as integrating the program with the MAFP ERM framework. This will require identifying, assessing and reporting on IS risks in a manner that meets external and internal requirements and supports forming a 360-degree view of enterprise risks for CEC, RMC and ARC. The position holder will therefore work closely with the rest of the Risk & Compliance team and business leadership to drive an integrated approach to Governance, Risk and Compliance. Furthermore, the role will cover working with Holding Compliance, the Head of Information Security, and Global Solution Business partners to ensure effective program implementation and compliance with group-wide policies, processes, and procedures. The role will also work with the MAFP IT Audit team to support a balanced view of risk and controls across the Three Lines of Defense.


Role Details – Key Responsibilities and Accountabilities:

•    Act as the key point of contact for information security at MAFP and manage the relationship with Holding and GS stakeholders on all ongoing projects being delivered to MAFP
•    Conduct periodic risk assessments and identify strategic opportunities to adopt industry-leading information security and compliance standards
•    Regularly liaise with Holding, Global Solutions and 3rd party teams to ensure MAFP requirements are adhered to in product development and support
•    Facilitate the identification of information security risks and risk assessment activities using bow-tie cause and impact methodology and act as the custodian of risk registers
•    Conduct scenario analysis and risk quantification exercises (such as Monte Carlo Simulations) to quantify the Value-at-Risk related to key information security risk areas.
•    Conduct Data Leakage investigations and escalate findings to the Risk and Compliance leads within MAFP 
•    Establish effective monitoring mechanisms for Information Security risk and compliance, such as related Power BI dashboards (KRI, KPIs, KCIs). 
•    Conduct Annual Information Security Risk Maturity Assessments and report to Management
•    Aggregate Risk information at MAFP Level and assess MAFP’s Information Risk position against Risk Appetite statements and thresholds
•    Play a key role in the implementation of ERM and GRC technology platforms and in coordinating the annual penetration testing agenda (with Holding Compliance, Global Solutions and outsourced testing providers) across Properties.
•    Prepare and present quarterly information security risk reports for the Board Audit and Risk Committee.
•    Deliver risk training to MAFP BUs on information security risk methodologies as well as key awareness topics such as maintenance of data registers, data leakage prevention and data governance policies. Assess and provide feedback on the BUs' risk training needs to the MAFP Risk Lead.

The role will require uncompromised confidentiality due to broad access to very sensitive information.

Functional/Technical Competencies:

These duties require a sound knowledge of the MAF business landscape and ERM, and a working knowledge of information security management systems, data governance and privacy. Furthermore, they call for an ability to proactively work with business units to implement practices that not only meet Policy requirements but also drive business performance and continuous improvement.

•    Excellent inter-personal, communication and documentation skills
•    Proven analytical and problem-solving abilities
•    Ability to effectively prioritize and execute tasks in a high-pressure environment
•    Good written, oral, and interpersonal communication skills
•    Ability to conduct research into IT security issues and products as required
•    Ability to present ideas in business-friendly and user-friendly language
•    Highly self-motivated and directed. Keen attention to detail
•    Team-oriented and skilled in working within a collaborative environment

Personal Characteristics and Required Background:

•    A bachelor's or master's degree in Computer Science, Engineering, Information Management Systems, or other technology related discipline
•    Professional certification, such as: 
-    Certified Information Systems Security Professional (CISSP)
-    Certified Information Security Manager (CISM)
-    Certified Information Systems Auditor (CISA)
-    Certified Cloud Security Professional (CCSP)
-    ISO 27001 Lead Auditor/Implementer or other similar credentials
•    Professional certification, such as: Project Management Professional (PMP), Information Technology Infrastructure Library (ITIL), or other similar credentials, is a plus
•    A minimum of 8-10 years of experience working as an Information Security, Cybersecurity Risk, and Compliance Professional
•    Arabic native speaker is a plus.