Information Security Lead - #11119
Majid Al Futtaim
Majid Al Futtaim invites you to join us in our quest to create great moments for everyone, everyday! We are the leading shopping mall, residential communities, retail and leisure pioneer across the Middle East, Africa and Asia, serving over 560 million visitors a year. For the past two decades, we have shaped the consumer landscape across the region, transforming the way people shop, live and play, while maintaining a strong sustainability track record and the largest mall in the world to attain LEED Gold EBOM Certification. We have over 40,000 team members in 15 international markets representing over 100 nationalities – all keeping the customer at the heart of everything we do. If you enjoy being BOLD, PASSIONATE and TOGETHER, then Majid Al Futtaim is the destination for you.
Information Security Lead
Role Holder (if currently filled):
Head of Data Protection and Governance
Dubai, United Arab Emirates
Managing/Leading (if applicable):
Date of last revision
Information Security Testing Specialist
Information security is a strategic pillar and a key enabler of the organization digital transformation strategy. The Information Security Lead is a key driver of defining and implementing the information security strategy across the organization.
Based in Dubai and reporting into the Head of Data Protection and Governance within the central holding company, the person will be responsible for defining security baselines and technologies across the group.
In working closely with the IT, security, risk and compliance the Information Security Lead will be providing steer and guidance to the mitigation of information security risks.
Role Details – Key Responsibilities and Accountabilities:
- Working closely with the business stakeholders, risk and compliance leads, information security leads, and IT Security leads in defining and implementing the group-wide information security strategy.
- Establish and maintain strong relationships with IT and IT security team members to lead the change management effort relating to the implementation of security technologies, protocols, and processes.
- Leading a team of senior and junior information security analysts, providing direction for the team and creating cohesion amongst its members. The team size will be a (1-2) but potentially growing with time.
- Role holder is a key contributor to defining the group-wide information security strategy and overseeing its execution
- Drive Business and cyber risk alignment through deep understanding of business and IT strategies..
- Maintain continuous situational awareness about current and emerging cyber threats and the developments in attackers’ tools, techniques, and procedures in order to ensure we have effective protection countermeasures in place.
- Stay abreast of latest development in security technologies and identify the security technologies required to implement the information security strategy and ensure information security risks are mitigated.
- Identify opportunities for security technology harmonization in order to achieve better efficiencies, cost saving, and standardization of processes.
- Defining how security technologies should be configured in order to achieve the intended objectives of the security technology and ensure the relevant information security risks are adequately mitigated.
- Lead Se
- Lead the implementation enterprise-wide projects of security technologies from inception throughout the delivery and until handover to IT security operations
Policies, Standards, and Processes
- Defining enterprise-wide information security standards, baselines, and guidelines which define what good looks like for the group.
- Defining and implementing overarching cross-opco and cross-functional information security processes.
- Assessing compliance with standards and baseline and providing steer and guidance to achieve compliance
- Align security standards and frameworks with overall cyber security, business and technology strategies
Information Security Assessments
- Lead the identification and execution of information security assessments across the group including applications and infrastructure penetration testing, vulnerability assessments, compromise assessments, or through any other assessment technique.
- Review and validate the outcome of security assessment, define the required corrective actions and follow-up the execution of these actions
LEC & Lifestyle – Security Governance
- Accountable for information security second line of defense responsibilities for both Lifestyle and Leisure, Entertainment, and Cinemas in accordance with the defined information security operating model.
- Owns the coordination with Global solutions concerning the definition of security requirements from the shared service center
- Work closely with the director of risk and compliance in these opcos to undertake information risk assessments, follow-up the execution of mitigation actions, and periodically report on the overall security stance.
- Provide information security expertise and consultation to digital, IT, and business teams
- Coordinate the fulfilment of security requirements within these OpCos by defining ownership responsibilities and overseeing their execution.
Information Security Status Reporting
- Accountable for periodic information security status reporting to external stakeholders including business leadership, risk and compliance committees, and other stakeholders.
The job holder must have an exceptional track record of managing information security programs across multiple industries and functions and have strong analytics and technical capabilities.
This position requires both strategic and tactical skill sets, intellectual curiosity, proficiency at problem-solving, and a critical understanding of information security risk mitigation. A “roll up the sleeves” approach is mandatory and a “get it done” attitude is a must.
Key technical competencies for the role are:
- A thorough understanding of the cloud computing architectures and models with proficiency in AWS & Azure cloud platforms
- Extensive knowledge and hands-on experience in networking, operating systems, databases and application security principles
- Expert knowledge of authentication protocols, identity and access management, encryption and public key infrastructure (PKI), endpoint protection, vulnerability management, among other security technologies
- Extensive hands on experience in implementing security technologies
- Proficiency in implementing information security standards such as ISO 27001, NIST Cybersecurity and PCI DSS
- Excellent project management skills and ability to lead teams and drive projects and initiatives in multiple departments and OpCos
- Hands on experience in undertaking security assessments and penetration testing of complex technical installations
- Expert in information security risk management methods and techniques
Personal Characteristics and Required Background:
- Confident, engaging people leader, able to communicate a vision and bring people along on the journey
- Strategic thinker, yet hands-on
- Proactive problem solver with immediate professional and intellectual credibility and has an impactful style. Will be collaborative, low-ego, and pragmatic.
- Have strong influence and ability to stand out and role model change in the organization
- Exceptional interpersonal and communication skills with ability to communicate about complex security issues with ease
- Enthusiastic and have excellent interpersonal skills, strong verbal and written communications skills, with intuitive storytelling ability.
- Strong leadership style that is focused on influence without authority given the enterprise-wide scope.
- 10+ years of progressive experience in information security with at least 4 years of experience in a managerial information security role.
- A bachelor’s degree in computer science, cryptography, information security, MIS, engineering or related discipline
Signature of Role Holder:
Head of Division/Department/Sec:
Head of Human Capital: