Job Requisition ID: 63070
No two days are the same at Al-Futtaim, no matter what role you have. Our work is driven by the desire to make a difference and to have a meaningful impact with the goal of enriching everyday lives. Take our engaging and supportive work environment and couple it with a company culture that recognises and rewards quality performance, and what do you get? The chance to push the limits every single day.
As a humble family business that started on the banks of the Dubai Creek in the 1930s, Al-Futtaim has expanded to a presence in 31 countries, a portfolio of over 200 companies, and 42,000 employees. You’ll find us in industries ranging from automotive and retail, to finance and real estate, and connecting people with international names like Lexus, Ikea, Robinsons, and Adidas. Our team is proudly multicultural and multinational because that kind of diverse representation gives us the global mindset to grow and impact the people, markets, and trends around us.
Come join us to live well, work better, and be the best.
About the Role
Support Head of Information GRC in developing Enterprise IT’s Information Security Governance, Risk and Compliance management function considering widely accepted practices and the needs of AL Futtaim’s business model.
About the Task
Support development and maintenance of the EIT Risk Management Framework (RMF) and supporting tools.
Perform security risk assessments per annual RMF cycle and project engagements.
Validate, track and maintain third party risk assessment per cycle and business vendor engagement.
Provide reporting and risk metrics of the risk management activity.
Conduct and report compliance checks as per cycle.
Engagement Management, Compliance, Risk Management, Process Management
About the Requirements
Degree in Comp Sci, Engineering or equivalent. Must have relevant industry certifications from GIAC, ISACA, ISC2, EC-Council, SECO-Council, or similar in Risk Management, Information Security, or Audit.
Minimum Experience and Knowledge:
Minimum of 6 years of experience in the IT or Digital security or risk domains. Hands on experience with on International Standards such as ISO31000, ISO2700x, PCI-DSS, COBIT, or NIST Cyber Security standards, etc.
Experience in audit or risk departments and have performed and managed Risk Management or Audit life-cycles.
- Engagement with senior Business executives with ability to influence
- Ability to effectively communicate security and risk management objectives with technicians and engineers
- Ability to work with and influence auditors
- Technical security controls across common enterprise technologies
- Technical Risk assessments and associated practices – e.g., threat modelling, CWSS
- Physical and logical security architectures
- Knowledge of Identification, Authentication, Authorization and Accountability controls
- PKI and Encryption principles
- SDLC and software assurance activities
- Cloud and Micro Services security
- Infrastructure and Technology patching lifecycle management
- Risk Management
- IT Project Management
- IT Vendor Management
- Service Management
- Business Process Design
- Application Frameworks and Patterns
We’re here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.
Before you click “apply”: Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalised CV to further boost your visibility. Our global Talent Acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviours, but also how candidates align with our Values of Respect, Integrity, Collaboration, and Excellence.
As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.