Information Security Risk and Compliance Manager

Job Description

Role Overview:

The Information Security Risk and Compliance (Governance, Risk, and Compliance) Manager implements and maintains frameworks to manage security risks, ensure regulatory compliance, and enforce security policies. He / She is responsible to:

• oversee audits, manage third-party risks, and report to senior management on the security posture.
• ensuring the effective implementation and continuous improvement of the Information Security Management System (ISMS), PCI DSS compliance, and UAE Central Bank (CBUAE) regulatory requirements.

The role is responsible for strengthening security governance, managing enterprise security risks, maintaining regulatory compliance, and supporting executive oversight of cybersecurity programs across all group entities.

Key Responsibilities

• Responsible for overseeing the execution of the GRC program in collaboration with the executive team as well as maintaining the group's library of security controls.
• Lead the implementation, maintenance, and continuous improvement of the Group ISMS aligned with ISO/IEC 27001 standards.
• Develop, update, implement, and maintain information security policies, standards, and procedures.
• Ensure consistent implementation of information security governance across the group.
• Develop goals for data privacy based on legal regulations and other compliance needs, designs and implement privacy policies and practices, and assess these practices for effectiveness.
• Update security controls and provide support to all stakeholders on security controls covering internal assessments, laws, and regulations.

• Manage the organization's PCI DSS compliance program, including scope definition, risk assessments, and coordination with Qualified Security Assessors (QSAs).
• Track remediation activities and ensure continuous compliance with PCI DSS requirements.

• Ensure compliance with UAE Central Bank (CBUAE) information security and risk management regulations.
• Monitor regulatory updates and assess their impact on the organization.

• Identify, assess, evaluate, and mitigate IT Security risks by conducting information security risk assessments and maintain centralized risk registers.
• Track risk mitigation actions and report the security risk posture to management.

• Ensure compliance with legal, regulatory, and contractual requirements.
• Coordinate internal audits, external certification audits, and regulatory assessments (ISO 27001, ISO 27005, NIST, PCI DSS, etc.).
• Track audit findings and ensure timely remediation and closure.

• Oversee organization-wide security awareness and compliance training programs.

• Bachelor's degree in:

o Engineering

o Information Security

o Computer Science

o IT Risk Management or a related discipline.

• 8–12 years of experience in Cybersecurity, Information Security Governance, Risk Management and Compliance Audit.
• Deep understanding of frameworks like ISO 27001, PCI-DSS, DESC ISR, etc.

• CISSP
• CISM
• CISA
• CRISC
• ISO 27001 Lead Implementer / Lead Auditor