Assistant Manager Information Security

Job Description

Job Location: Dubai

Job Summary:

The Assistant Manager - Information Security will support the organization's Governance, Risk, and Compliance (GRC) initiatives by conducting risk assessments, supporting audits, and ensuring compliance with regulatory frameworks. The role also involves assisting in implementing security measures and controls, performing regular health checks, and collaborating with stakeholders to align security efforts with business objectives.

Responsibilities:

• Assist in developing, updating, and maintaining information security policies, standards, and procedures.
• Assist in evaluating the security posture of third-party vendors and partners.
• Support in implementing Risk Management framework.
• Support risk assessment exercise and maintain relevant trackers for periodic reviews.
• Support in maintaining and updating the organization's Risk Register.
• Track identified risks and ensure that relevant stakeholders implement timely mitigation efforts.
• Assist in aligning the organization's practices with regulatory frameworks such as ISO 27001, ADHICS v2 and other industry standards.
• Conduct periodic compliance and security health checks.
• Maintain KPI tracker and develop relevant reports and dashboards.
• Conduct security awareness training sessions for employees to promote best practices.
• Support role-based training programs tailored to specific job functions.
• Communicate findings, risks, and recommendations clearly to stakeholders.
• Stay updated on emerging security threats and technologies.
• Propose updates to security measures based on industry trends.
• Collaborate with business units to identify, evaluate, and manage information security risks.
• Coordinate internal and external audit activities, including data collection, evidence preparation, and reporting.
• Generate reports and dashboards on key GRC metrics for management review.

Requirements:

• Bachelor's degree in computer information systems, Information Security, or a related discipline.
• CISA (Certified Information Systems Auditor), ISO 27001 Lead Implementer or Auditor
• CRISC (Certified in Risk and Information Systems Control), CEH (Certified Ethical Hacker)
• 68 years of experience in:

1. Information security or GRC programs
2. Risk assessment and mitigation strategies.
3. Supporting compliance with regulatory frameworks (ISO 27001, ADHICS v2, GDPR, etc.)
4. Facilitating audits and implementing security improvements
5. Developing and maintaining policies and procedures

• Governance, Risk, and Compliance (GRC) tools and methodologies.
• Risk management techniques and tools.
• Familiarity with regulatory compliance frameworks, including ADHICS v2 and ISO 27001.
• Knowledge of vulnerability assessment tools and practices.