Info Security&compliance Lead

Majid Al Futtaim invites you to join us in our quest to create great moments for everyone, everyday We are the leading shopping mall, residential communities, retail and leisure pioneer across the Middle East, Africa and Asia, serving over 560 million visitors a year. For the past two decades, we have shaped the consumer landscape across the region, transforming the way people shop, live and play, while maintaining a strong sustainability track record and the largest mall in the world to attain LEED Gold EBOM Certification. We have over 40,000 team members in 15 international markets representing over 100 nationalities - all keeping the customer at the heart of everything we do. If you enjoy being BOLD, PASSIONATE and TOGETHER, then Majid Al Futtaim is the destination for you.

**Role Purpose**:
The Information Security & Compliance Lead is responsible for developing and executing the organization's cybersecurity operations strategy. This role involves overseeing a team of security professionals and coordinating efforts with multiple stakeholders to ensure that information assets are adequately protected. The role holder will design, implement, and operate a suite of security technologies to achieve the desired protection levels. Additionally, this position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

This position requires a visionary leader with sound knowledge of business management and a deep understanding of cybersecurity principles, architecture, and technologies. The Information Security & Compliance Lead will proactively work with the business units and Head Office Data Protection Team to implement practices that meet defined policies and standards for information security, will also oversee IT security operational activities across the Group.

The Information Security & Compliance Lead is the process owner of all activities related to ensuring the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security rules and principles. A key element of the role is implementing and maintaining a set of security controls to ensure the information risk is kept within the defined tolerance levels for the organization and ensure that information systems are maintained in a fully functional, secure mode.

**Role Details - Key Responsibilities and Accountabilities**:
The Information Security & Compliance Lead job is composed of a variety of responsibilities, including strategic, tactical, and operational activities in support of the overall organization’s strategy as follows:
**_Information Security Strategy, Planning and Governance_**
- Contribute to the development of the enterprise cybersecurity strategy
- Develop, implement and monitor a tactical plan for the execution of the enterprise cybersecurity strategy
- Facilitate information security governance through providing all the required input to the governance and oversight bodies
- Contribute to the development of enterprise information security policies, standards and guidelines own the development of policies and procedures related to the scope of duties.
- Implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
- Develop and manage information security budgets, and monitor them for variances
- Liaise with the enterprise architecture team and Holding security architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
- Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security
- Provide regular reporting on the current status of the information security program to Holding data protection team, enterprise risk teams, senior business leaders and the audit risk committees (ARCs) of the board of directors as part of a strategic enterprise risk management program
- Take ownership, maintain & update documented information security processes and procedures related to the full scope of responsibilities. This also include defining cross-functional processes with touchpoints with the information security function.

**_Information Security Risk and Control Management:_**
- Work directly with the business units to facilitate information risk assessment and management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
- Implement a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from company policies, globa