INSPIRE | EXHILARATE | DELIGHT

For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.

Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.

What you\'ll be doing

We are seeking a dynamic and visionary Head of Information Security to lead the information security function including security governance, risk, compliance, and security operations. In this strategic leadership role, you will be responsible for developing and executing the organization\'s information security strategy. You will lead a team of security professionals and collaborate closely with cross-functional teams and multiple stakeholders to ensure the confidentiality, integrity and availability of the group\'s information assets and services. This position requires a leader with a strategic mindset and a deep understanding of cybersecurity principles, architecture, and technologies.

Security Architecture, Governance & Compliance

• Formulate and drive the organization\'s information security strategy in alignment with business objectives.
• Develop, implement, and monitor strategic roadmap and tactical plans for the execution of enterprise information security strategy.
• Develop, review, and update information security policies, standards, and procedures aligned to security strategy, relevant regulations, and industry best practices.
• Conduct security audits and posture assessments and present conclusions to group senior management. Also, provide regular reporting on the status of the information security to the enterprise risk and crises management committee and relevant stakeholders.

• Drive the remediation activities which may include operational enhancements, tactical fixes and strategic remediations.
• Lead the implementation of a unified control framework and security architecture framework to address the requirements resulting from company policies, standards, and regulations.
• Collaborate with the enterprise architecture team and ensure alignment between the security and enterprise architectures.
• Facilitate and lead governance and risk committee meetings to ensure consistent application of security standards and policies across all projects, technology platforms and services.
• Develop and manage information security budgets.

Security Risk Management

• Define and facilitate the information security risk assessment process in accordance with the enterprise risk management framework, including the reporting and oversight of risk treatment efforts.
• Liaise with tech teams, project managers and business units to facilitate information risk assessment and management processes, and work with stakeholders on identifying acceptable risk levels.
• Implement a risk-based process for managing third-party risks that may result from suppliers, consultants, and other service providers.

Security Operations Management

• Lead the selection, design, and implementation of security tools and technologies and ensure these solutions meet their control objective continuously.
• Manage response to security incidents to protect information assets and business-critical services. The job holder is expected to be on-call 24x7 to lead the CSIRT in case of high-severity incidents needing prompt attention.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Develop and manage effective disaster recovery policies to align with enterprise business continuity management program objectives.
• Coordinate the development of runbooks and procedures to ensure that business-critical services are recovered in the event of a security event.
• Manage and monitor the performance of MSSP partners and other suppliers providing information security services.

Security Training and Awareness

• Develop and deliver cybersecurity training and awareness programs for employees and technical teams.
• Promote a culture of security awareness and compliance among stakeholders at all levels of the organization.

Team Leadership

• Build and lead a high-performing team of security specialists, fostering a culture of innovation, collaboration, and continuous learning.

• Mentor and develop team members, providing guidance and opportunities for career growth.
• Develop self and the team through mentoring, training, and talent development activities.

What you\'ll need to succeed :

• Bachelor\'s degree in Computer Science, Information Technology, or a related field. Master\'s degree preferred.
• Professional security management certifications such as CISSP, CISM, C-CISO or other similar credentials.

• Proven experience (10+ years) in a combination of Information Security Architecture, Governance, Risk, Compliance, and technology-related roles. A minimum of 3-5 years experience in an Information Security leadership role.
• Solid understanding of common information security standards, frameworks and regulations such as ISO/IEC 27001, Cloud Security Alliance, NIST, PCI/DSS and GDPR.
• Knowledge and understanding of threat modelling methodologies, such as STRIDE and Mitre Att&k framework.
• Experience in leading the implementation and operations of security technologies such as EDR, VM, DLP, IPS, Firewalls, DevSecOps, SIEM, etc.
• Experience in leading and motivating cross-functional teams to achieve tactical and strategic goals.

• Exceptional problem-solving skills and a results-oriented mindset.

• Excellent communication, collaboration, and interpersonal skills.

What we can offer you

With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.

We Invite All Applicants to Apply

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.

Chalhoub Group