Assistant Manager
Dubai, United Arab Emirates
Job Description
Our Client
Leading Fintech Company based in UAE
Your Responsibilities
- Operate as the primary support to the Head of Information Security (UAE) to deliver the information security program for UAE covering governance, risk and compliance areas.
- Maintain UAE’s information security policies, standards, guidelines and procedures in line with Group CISO standards to ensure information security risks are appropriately managed.
- Own all aspects of the delivery of certification audits to ensure NI UAE remain successfully certified against PCI DSS, ISO27001, ISAE2 3402 and NESA requirements
- Ensure other information security compliance requirements are met for client, scheme and local regulatory requirements in consultation with Legal and Regulatory team
- Conduct periodic risk assessments. Record, maintain and track information security risk registers. Implement controls for the execution of risk treatment plans and update the risk register
- Develop, track and report KPIs and KRIs for the UAE information security and report risk posture as directed by Group CISO through Head of Information Security UAE
- Represent information security during IT Change Management processes including emergency change management meetings to identify risks and ensure compliance with information security requirements
- Be part of new technology and business initiatives, reviews and provide information security SME consultation and advises to ensure compliance with various information security requirements
- Communicate to the management on a regular basis on compliance status and any issues related to meeting the business compliance commitments
- Review information security exceptions and highlight risks associated with the exception to relevant audience to make sound risk-based decision following risk management frameworks
- Manage the delivery of information security projects to meet the NI information security strategies and goals
- Be part of the security incident response group as required for managing / coordination of relevant investigation including data leaks, compromises etc.
- Prepare and maintain information security dashboards, reports on a periodic basis
Third Party Risk Management
- Work with Group CISO and Head of Procurement to develop and implement a third-party information security governance and risk management framework to identify, evaluate, remediate and track complex business and technology risks introduced through Third party
- Support the creation of relevant policies and procedures that support the successful implementation and maintenance of third party risk management operating models
- Create and maintain third party risk registers for the UAE as per the risk management program. Track issues for closure and highlight at relevant platforms
- Participate in the new third party engagement due diligence process and ensure risk on information security is kept at acceptable levels and highlight risks as appropriate
- Identify and suggest technology enhancements to support third-party risk management processes
- Conduct periodic formal end to end third party risk assessments on existing third party through various modes including onsite visits. Document risk assessment in a formal report, including any identified deficiencies in third party’s Information Security program. Assess remediation plans and non-compliance acceptances where information security standards compliance cannot be achieved
- Represent client during any third party audits/reviews (from clients) from information security area, respond to client questionnaires as required
- Serve as a subject matter expert and process ambassador as it relates to TPRM related processes, procedures, and workflows
- Partner with other internal teams such as business team, operating units, IT, legal, HR, Enterprise Risk to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences
- Actively participate and provide inputs in decision making for management by broadly analyzing and mapping impact of current decisions on identified risks with third party
Your Qualifications
- 8 to 10 years of experience in managing Information security GRC in a large technology complex leading banking, financial, payment service provider institutions
- Sound experience in managing end to end third party risk management reviews and audits. Experience with multinational audit firms is an advantage
- Strong hands on experience in managing and maintaining PCI DSS certifications in large PCI DSS compliance environments could be beneficial
- Strong experience in certification and compliance maintenance of ISO 27001, ISAE 3402, NESA and other legal, regulatory requirement
- Bachelors preferably IT discipline. Post graduate degree will be an added advantage
- Certifications such CISA, CISM, CISSP, CRISC, PCI DSS, ISO 27001 etc.
- Excellent verbal and written English communication skills. Must be able to present and articulate complex information security risks to technical and non-technical audiences in simple manner
Halian Group
With over 20 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers.
Our resourcing and smart services help you to realize tomorrow’s potential. Discover the amazing things possible when you bring the right people and the right technologies together.
Beware of fraud agents! do not pay money to get a job
MNCJobsGulf.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Job Detail
-
Job IdJD1417154
-
IndustryNot mentioned
-
Total Positions1
-
Job Type:Full Time
-
Salary:Not mentioned
-
Employment StatusPermanent
-
Job LocationDubai, United Arab Emirates
-
EducationNot mentioned