Senior Information Security Manager

INSPIRE | EXHILARATE | DELIGHT

For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.

Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.

Today, Chalhoub Group stands for 14,000 skilled and talented professionals across seven countries, whose cohesive efforts have resulted in the Group being ranked third in the Middle East and first in Saudi Arabia as a Great Place to Work.

To keep the innovation journey going, the Group has set up "The Greenhouse", which is not just an innovation hub, but also an incubator space and accelerator for start-ups and small businesses in the region and internationally. This is just one of the several initiatives taken by the Group to reinvent itself, catalysed by forward thinking and future-proofing. The Group has also been embedding sustainability at the core of its business strategy with a clear commitment towards people, partners and the planet, and by being a member of the United Nations Global Compact Community and signatory of the Women's Empowerment Principles.

What You'll Be Doing

The Information Security Governance, Risk and Compliance (IS GRC) Senior Manager will be responsible for building and managing the Group Information Security GRC function. The function will deliver and manage ISO27001, Information Security Management System (ISMS), NIST CSF, PCI DSS, Supplier Assurance, Risk and Compliance activities. The ISMS caters for multiple complex IT environments and business processes.

Reporting to the Director of Information Security, the IS GRC Manager will develop and lead the IS GRC function and collaborate closely with key stakeholders across the business, suppliers, and Technology teams to implement best practice and assure controls to protect important information assets. The function will achieve and maintain certifications and compliance; and achieve alignment with industry standards and best practice.

• Develop and lead an Information Security GRC team and capabilities.
• Implement and manage all elements of the ISO2700:2022, ISMS documentation, including Policies, Standards, Controls, associated risk and exceptions registers, compliance testing.
• Embedding and improving the ISMS controls across the 1st and 2nd line of defence operations and roadmap.
• Assure compliance with NIST CSF and UCF across the technical ecosystem in partnership with Technology teams.
• Lead internal and external assurance activities, certification and compliance audits, including controls gaps analysis and effectiveness assurance reviews across the Group and prioritising the output with business owners and the Information Security Board.
• Provide advice, guidance and audit support to control owners.
• Collaborate with both internal and external auditors and key stakeholders effectively to continually improve the posture of Information Security across the Group.
• Day to day SME advice and guidance for change activity relating to implementation against Chalhoub Group policy, standards and controls.
• Lead Information Security Risk Management, identify, assess and manage information security risks across Chalhoub Group.
  • Develop the Information Security Risk Management framework.
  • Ensure that it aligns and feeds into the organisation's broader corporate risk.
  • Performing risk analysis, manage risk lifecycle from various sources (e.g. Information Security Risk Assessment, Audit, Security Tests, etc).
  • Disseminating appropriate risk information to various levels within the organisation, as needed.
  • Ensuring that key 3rd party suppliers are measured against the ISO27001 control framework, and any identified risks managed within Chalhoub Group risk appetite.
• Monitor evolving threat landscape and be intelligence led to factor in risk assessments.
• Chair Information Security Risk Committee and Information Security Working Group.
• Provide Information Security update as appropriate to the Risk and Crisis Committee.
• Collaborate and work with stakeholders and interested parties to ensure Chalhoub Group is secure internally and externally.
• Develop and manage a Group wide Information Security Education and Awareness program for employees and technical teams to embed and mature a culture of security awareness and compliance.

What You'll Need To Succeed

• Proven experience in a multi-national retail organisation.
• Proven track record of building and leading an Information Security GRC centre of excellence.
• Significant knowledge and 5+ years' experience of ISO27001, NIST CSF, Data Privacy Law, PCI DSS and ITIL.
• Awareness of regulatory requirements of the sector (e.g. UNC, GDPR; NIS Directive etc).
• A solid understanding of Information Security Governance, Risk and Compliance policies, controls and best practice.
• Previous experience developing, implementing and maintaining an Information Security Management System (ISMS), certification/re-certification to ISO27001.
• Subject Matter Expert in enterprise Risk Management – Information Security
• Experience in developing and embedding Risk Management Frameworks and associated processes and procedures.
• Proven people management and leadership skills including performance management and improvement, measurement of KRIs, situational leadership, issue resolution, negotiation and motivating others.
• Excellent senior leadership communication skills and demonstrable experience in a customer facing role.
• Ability to lead, manage and prioritise across multiple work streams simultaneously.
• Professional Certifications, including:
  • Certified Information Security Manager (CISM) or equivalent.
  • CISSP.
  • Certified ISO27001 implementer and or auditor.
  • Certified Information Security Auditor (CISA) is an advantage.

What We Can Offer You

With us,you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employeediscounts.

We Invite All Applicants to Apply

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.