A well-known and well-reputed Company based in Dubai, United Arab Emirates is looking for an experienced, skilled, competent, mature, qualified, creative, and intelligent candidate with significant knowledge and relevant working experience for the position of “Security Manager, Risk and Compliance”.
|Bachelors Degree | Masters Degree
|5 – 6 years of Relevant Experience Required
|27,000 AED – 30,000 AED
|Full Time | Permanent
|50 – 100 Employees
Noon is a fast-growing e-commerce venture in the Middle East with a committed capital of $ 1 billion. Our aim is to develop a world-class digital and e-retail ecosystem in the Middle East. To achieve this goal, Noon has built end-to-end in-house capabilities including Technology, Commercial, Marketing, Logistics, and Fulfillment. After launching in UAE and KSA in 2017, we are now looking for aggressive scaling strategies to maximize our customer reach and product offerings.
At Noon, we recognize risk, compliance, and governance’s importance and value to the broader Information Security program success. Therefore, we are seeking a Risk and Compliance Manager to focus on building a security assurance program that enables our companies to meet regional/global regulatory and compliance requirements and far beyond.
We are excited to have someone join the team with broad compliance, risk, and technical experience. This role will acquire and nurture collaborations with Legal, Internal Audit, the broader Infosec department, and other Engineering functions to drive a data-centric security assurance strategy that leverages engineering principles to address compliance.
Department: Information Security
Reporting to: Group Vice President of Information Security / CISO
- Lead the Governance, Risk & Compliance team at Noon Group
- Hiring and mentoring new team members within the GRC function
- Lead GRC program from both a strategy and execution standpoint
- Own all aspects of the compliance requirements, including the management and implementation of the key controls of PCI-DSS, ISO 27001, and SOC 2 across our group of companies.
- Build an Engineering-first GRC program by leveraging engineering principles to address compliance challenges.
- Overseeing the design and implementation of the Vendor Risk Assessment program and liaising with outside vendors/suppliers regarding security and compliance measures.
- Provide Subject-Matter-Expert guidance on the org-wide risk management program and risk appetite.
- Development & implementation of data privacy framework and processes (e.g., TOM, policies & procedures, Consent Management, DSAR requests, Data Privacy incident management, etc.)
- Perform Gap Analysis and Risk Assessment as per the defined scope.
- Effectively write and communicate audit, assessment or compliance results, findings, and recommendations to stakeholders while ensuring high-quality and proper documentation of project deliverables.
- Communicate to the management on a regular basis on compliance status and any issues related to meeting the business compliance commitments
- Design and execute information security awareness strategy and programs and Develop information security awareness content.
- Ensure that Information Security policies and procedures comply with regulations; draft, edit, and publish policies and procedures when they need to be updated or created
- Serve as an internal point-person for our employees by translating security policy and compliance frameworks into actionable requirements and guidance to inform their work
- +6 years of overall compliance, risk management, and data privacy experience with +8 years in InfoSec/Cybersecurity
- Bachelor’s degree, or equivalent experience, in Computer Science, Engineering, Mathematics or a related field.
- Experience in interpretation and practical application of data privacy laws including GDPR
- Must have at least 5 years in managing regulatory and compliance framework requirements (e.g., PCI DSS, SOC2, ISO27001, ISO 27701, GDPR, NCA/NDMO data privacy framework)
- Experience in Data Protection Impact Assessments.
- Good understanding of regional security standards and regulations
To be successful in this role, we are looking for individuals that have …
- Strong ability to define, drive and execute a program vision, strategy, approach, and milestones in alignment with organizational priorities and initiatives
- Experience in managing teams, delivering high-quality audit work products, and communicating effectively with various partners (e.g., external/internal audit, senior management, etc.)
- Strong ability to assess the big picture, connect the dots and apply to tasking
- Excellent verbal and written communication skills with both technical and non-technical partners, with a focus on informing, influencing and relationship building
- Ability to build rapport with business units to identify privacy risks/trends and keep abreast of new products/initiatives.
- Experience in international standards and local regulatory requirements related to payment security, data privacy and protection.
- Ability to monitor and keep current with changes and trends in the regulatory landscape.
- Having a previous engineering background is highly preferred.
- Experience in privacy management, data discovery, data classification/labelling, and data security is a plus.
- Relevant GRC-related security certification are desirable.
- Experience in using cloud providers such as AWS, GCP
- Establishes industry expertise through writing, speaking, shipping open-source projects, or online presence.