19 Security Audit jobs in the United Arab Emirates

We are currently seeking an Information Security Manager (Operations) for our UAE operations. The ideal candidate will have:

1. 7-10 years of experience in Information Security or a related field.
2. Strong Operations knowledge within the banking sector, with hands-on experience in implementing and managing IS applications such as EDR, SIEM, DLP .
3. Network-related experience with a background in Computer Science, Network, or Cyber Security , along with relevant certifications.

Terms & Conditions:

• Joining timeframe: Maximum 4 weeks .
• Remote work: No .
• Employment type: Full-time .

This job is currently active and accepting applications.

INSPIRE | EXHILARATE | DELIGHT

For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.

Every step at Chalhoub Group is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers. Be it by constantly reinventing itself, committing to innovation, or embracing new technologies, the Group is shaping the future of luxury retail. It delivers seamless omnichannel experiences across more than 950 stores, online platforms, and mobile apps. Driving this innovation journey is The Greenhouse — the Group's innovation hub, incubator, and accelerator for startups and emerging businesses, regionally and globally.

Chalhoub Group fosters a people-at-heart culture rooted in diversity, equity, and inclusion, and a workplace catalysed by forward thinking and future-proofing. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a presence in LATAM. Their collective efforts have earned the Group the Great Place to Work certification in several markets.

Sustainability is at the core of the Group's strategy, guided by a clear commitment to people, partners, and the planet. Chalhoub Group is proud to be a member of the United Nations Global Compact, a signatory of the Women's Empowerment Principles, and to have pledged to reach Net Zero by 2040.

What You'll Be Doing

The AI and Information Security Lead will be instrumental in ensuring that AI systems and data assets are secure, compliant, and ethically managed, aligning with global best practices and regional regulatory standards. This role will drive security innovation, mitigate risks associated with AI technologies, and support the organization in adopting AI securely while ensuring the privacy and integrity of its data.

Key Responsibilities

• Develop and execute a comprehensive AI security strategy that aligns with Chalhoub Group's business objectives and digital transformation goals.
• Lead the integration of AI-driven security solutions into the Group's existing cybersecurity architecture, ensuring interoperability, scalability and resilience.
• Establish security frameworks for AI model development, deployment, and lifecycle management, incorporating best practices from NIST AI RMF and CSA's AI Organizational Responsibilities.
• Collaborate with data governance teams to ensure AI models adhere to privacy standards and ethical considerations throughout their lifecycle.
• Work closely with data governance teams to implement robust data protection measures, including encryption, access controls, and anonymization techniques, ensuring compliance with regional data protection laws such as the UAE's Data Protection Law and international standards like GDPR.
• Oversee the secure handling of sensitive data throughout the AI model lifecycle, from development to deployment, supporting business innovation while mitigating risks.
• Identify and assess emerging AI-driven security threats, implementing proactive measures to mitigate risks associated with adversarial AI, model poisoning, and data leakage.
• Lead the development and execution of AI-specific threat models and risk assessments, ensuring alignment with Chalhoub Group's overall risk management framework.
• Stay ahead of emerging threats in AI and data security, providing continuous threat intelligence and mitigation strategies.
• Ensure that AI systems adhere to ethical guidelines, promoting transparency, fairness, and accountability in AI decision-making processes.
• Monitor and enforce compliance with relevant regulations and standards, including ISO/IEC 27001, NIST 800-53, EU AI Act and the UAE's AI Ethics Guidelines.
• Act as a thought leader, driving internal awareness, training programs, and promoting a culture of responsible AI use and ethical data practices.
• Foster collaboration with cross-functional teams, including Tech&Data, legal, data privacy and compliance, to integrate AI security considerations into business processes and technological advancements.
• Engage proactively with external stakeholders, technology partners, vendors, and regulatory bodies to remain informed on emerging trends, best practices, and regulatory shifts relevant to AI and cybersecurity.
• Participate in hackathons, and crowd sourcing platforms effectively to progress on cyber 'definition of good'.

What You'll Need to Succeed

Bachelor's or Master's degree in Cybersecurity, Computer Science, Data Science, Artificial Intelligence, or a related field.

Advanced certifications or specialized courses in AI/ML or AI Security, such as:

• Certified Artificial Intelligence Practitioner or AI Security Practitioner certifications.
• Specialized AI/ML courses from recognized platforms like Coursera, edX, or AI-focused programs.

Industry-Specific Certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Cloud Security Professional (CCSP)
• Certified Ethical Hacker (CEH)

Practical experience with securing AI/ML models, including the development of adversarial machine learning defenses, model validation, and securing AI pipelines.

Familiarity with security frameworks for AI/ML models such as NIST AI RMF, and CSA's AI Organizational Responsibilities.

Proficiency with popular AI/ML tools and libraries, including TensorFlow, PyTorch, scikit-learn, and cloud-based AI platforms (AWS, Azure, Google Cloud).

Knowledge of AI-driven cybersecurity applications, including anomaly detection, threat intelligence, and automated defense systems.

Working knowledge in LLM models like Gemini, Llama, GPT, DALL-E and frameworks like LangChain & Vector databases like Faiss, Pinecone etc.

Deep understanding of AI-specific risks such as model poisoning, adversarial attacks, and data leakage

What We Can Offer You

With us,you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employeediscounts.

We Invite All Applicants to Apply

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.

At Papel Holdings, we're not just another Fintech company. We're on a mission to revolutionize the financial landscape. From innovative banking solutions to cutting-edge digital asset products, we're transforming how people interact with money.

Who We Are

At Papel Holdings, we're not just another Fintech company. We're on a mission to revolutionize the financial landscape. From innovative banking solutions to cutting-edge digital asset products, we're transforming how people interact with money.

Careers at Papel suit those who want to have an impact, who are comfortable getting uncomfortable, willing to take risks and win big. We are brave, laser-focused and have high aptitude, with a little playfulness for good measure. If you're someone who thrives on high accountability, possesses a start-up spirit, and flair for industry-savvy solutions, you'll fit right in.

If this resonates with you, you'll have the opportunity to make a real impact and be part of something that's changing how we interact with money and wealth.

POSITION OBJECTIVE

The Information Security Manager at Papel is a critical role responsible for overseeing and managing the organization's information security program, ensuring the confidentiality, integrity, and availability of our digital assets. This role encompasses the implementation and management of Payment Card Industry Data Security Standard (PCI DSS) compliance, penetration testing, and other relevant security measures / controls. The ISM will work closely with various departments and stakeholders to develop and maintain a robust cybersecurity posture that aligns with Papel's business objectives and risk appetite.

Responsibilities

• Develop, implement, and maintain a comprehensive information security program, including policies, procedures, and controls, to protect the company's assets, ensuring compliance with regulatory requirements and industry best practices
• Manage the implementation and maintenance of PCI DSS compliance, ensuring the company meets all relevant requirements and undergoes regular audits
• Implement and adhere to ISO 27001 standards
• Oversee and coordinate penetration testing activities, including vulnerability assessments, penetration testing, and security incident response, to identify and remediate potential security risks
• Collaborate with various departments and stakeholders to assess and address information security risks, ensuring that risk mitigation measures are in line with business objectives and risk appetite
• Monitor and analyse emerging cybersecurity threats and trends, recommending and implementing appropriate countermeasures to protect the company's assets
• Develop and deliver cybersecurity awareness and training programs to educate employees on the importance of information security and their role in maintaining a secure environment
• Manage relationships with external vendors and partners, ensuring that information security requirements are effectively communicated and integrated into third-party contracts and agreements
• Work with other stakeholders such as technical architects, product managers, developers to implement, configure or maintain security measures / controls
• Work closely with the CTO to continuously improve cyber security policies, processes, tools and controls

Requirements

• 7+ years information and cyber security experience in financial services. Fintech experience is a major plus
• Strong analytical skills with high attention to detail
• Good communication and interpersonal skills
• Demonstrated analytical skills and attention to detail
• Strong understanding of regulatory standards governing the fintech, digital assets and global payment industry
• Experience working in a fast-paced, dynamic environment, preferably in a start-up, digital assets or fintech company.

Other Skills

• Strong written and verbal communication skills
• High level of organization and ability to manage multiple priorities simultaneously
• Excellent problem-solving capabilities
• High ethical standards and professionalism, with a commitment to confidentiality
• Ability to work effectively in a team as well as independently
• Competitive pay
• Discretionary bonus

Seniority level

Seniority level

Mid-Senior level

Employment type

Employment type

Full-time

Job function

Job function

Information Technology

IT Services and IT Consulting

Referrals increase your chances of interviewing at PAPEL Holding by 2x

Sign in to set job alerts for “Information Security Manager” roles.

Chief Information Security Officer (CISO)

Contract Assistant Manager - Luxury Hotels

Technical Product Owner - CPS / Innovation / Aviation

Manager – IT Security & Networks (Emirati Talent)

Chief Specialist - Enterprise Command & Control Center Systems

Chief Specialist - Data - Governance & Compliance Audit

Project Manager -(Information Security-Govt. Projects)-Dubai

Chief Specialist - Data - Governance & Compliance Audit

Chief Auditor - Corporate Monitoring - UAE Nationals Only

Chief Auditor - Corporate Monitoring - UAE Nationals Only

Chief Specialist - Contracts & Agreements

Chief Specialist - Contracts & Agreements

Senior Security Specialist | ICT & IT Security

Engineer - information Security -UAE Nationals Only

Engineer - information Security -UAE Nationals Only

Unmanned Aerial Vehicle System Chief Specialist

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

J-18808-Ljbffr

Security Manager • Dubai, Dubai, United Arab Emirates

Join to apply for the Engineer - information Security role at Roads and Transport Authority

Join to apply for the Engineer - information Security role at Roads and Transport Authority

KEY RESULTS ACCOUNTABILITIES
# Perform other duties and responsibilities related to the job as assigned

Job Description
KEY RESULTS ACCOUNTABILITIES
# Perform other duties and responsibilities related to the job as assigned
# Participate in monitor security alerts and events using Security Information and Event Management (SIEM)
# Participate in escalate complex incidents to higher-level analysts or teams
# Participate in perform initial triage and investigation of security events
# Provide feedback on the effectiveness of existing SIEM rules and recommend enhancements for improved detection capabilities
# Support the development and fine-tuning of SIEM rules, correlation logic, and detection use-cases based on observed trends and emerging threats
# Document incident details, analysis steps, and response actions in a structured and timely manner
# Assist in building and maintaining playbooks and standard operating procedures (SOPs) for incident response and investigation
# Contribute to periodic security reports and summaries for internal stakeholders
# Collaborate with senior SOC analysts to develop threat detection strategies and validate detection logic
# stay up to date on the latest security threats, trends, and technologies
# Assist in security audits, vulnerability assessments, and compliance activities as needed

• Strictly Adhere to RTA Information Security policies, procedures, and processes.
• Strictly follow the Information Security data sharing guidelines for all internal and external data transfers.
• Immediately report any Information Security incidents to your line manager and IT support for prompt guidance and resolution.
• Actively participate in all assigned Information Security training and awareness sessions to enhance your knowledge and address potential Information Security risks.
• Always comply with instructions and guidance provided by your line manager in line to the Information Security requirements.
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Government Administration

Referrals increase your chances of interviewing at Roads and Transport Authority by 2x

Get notified about new Information Security Engineer jobs in Dubai, Dubai, United Arab Emirates .

Dubai, Dubai, United Arab Emirates 1 year ago

Dubai, Dubai, United Arab Emirates 1 year ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Fuse is building a fully integrated energy company—spanning solar, wind, hydrogen, power trading, and distributed energy systems. We sell directly to consumers to reduce costs and deliver real savings.

We're also creating the Energy Network : a decentralised system of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and supporting grid stability—critical for scaling AI and energy-intensive industries.

We're looking for a Chief Information Security Officer (CISO) to lead our company-wide security strategy. You'll protect our infrastructure, digital assets, and customer data while enabling fast, secure growth.

Key Responsibilities

Security Strategy & Leadership

• Define and lead Fuse's security strategy across infrastructure, applications, and data
• Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse's risk profile
• Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams
• Build and mentor a high-performing security team, including hiring, coaching, and managing performance
• Develop KPIs and reporting structures to measure and communicate security posture to leadership and the board
• Advise the executive team on security risks, regulatory exposure, and investment priorities to support long-term growth

Governance & Compliance

Risk Management & Threat Intelligence

Incident Response & Resilience

Technology & Infrastructure Security

Security Culture & Collaboration

Requirements

Bonus :

Benefits

Seniority level

Seniority level

Executive

Employment type

Employment type

Full-time

Job function

Job function

Other

Industries

Services for Renewable Energy

Referrals increase your chances of interviewing at Fuse Energy by 2x

Get notified about new Chief Information Security Officer jobs in Dubai, Dubai, United Arab Emirates .

Chief Technology Officer - French fluent

Chief Technology Officer - French fluent

Dubai, United Arab Emirates 4 minutes ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

J-18808-Ljbffr

• Project Manager – Information Security
  

• An Engineering Degree, with 6+ Years experience in Information Security / Data Protection Project Management in BFSI.
• Hands on experience in leading information security/ cyber security projects.
• Proficient in application/ technology architectural security design principles, cyber threat assessments, software development life cycle, firewalls, data protection/ security, vulnerability scanning, application security, etc.
• Demonstrated expertise in the management of technology and application risks and controls
• Proficient in application/ technology architectural design principles, cyber threat assessments, software development life cycle, firewalls, data protection/ security, vulnerability scanning, application security, etc.
• Demonstrated expertise in the management of technology and application risks and controls
• Expertise in Information Security & Data Protection standards (like ISO 27001, PCI DSS, UAE IAS, SWIFT CSP, GDPR, UAE Data Protection, etc.).
• Strong knowledge of information Security, Data Protection and Banking / IT Systems.
• Ability to facilitate both technical and business discussions.
• Strong analytical mindset that allows you to deeply understand topics
• Excellent verbal and written communication skills combined with a knack for clear articulation
• Knowledge of Microsoft Office, MS project, MS Share Point, JIRA, Asana or other project management tools
• Certificates such as CISA, CISM, CISSP, Prince 2, PMP RMP, Agile PM, PMI-ACP, etc.
  

• Day-to-day management of information security projects requirements (agile and waterfall) for implementation of business applications and technology systems and including time, scope, budget, etc.
• Manage the internal relationship with Information Technology (IT) and PMO process owners supporting the service, assisting with the definition and requirements of Information Security requirements in line with Bank’s Information Security Policy.
• Identification and proactive management of projects risks and issues
• Supporting the EPMO / IT Project Managers to manage the backlog/requirement gathering and guide the team in balancing the priorities and scope
• Ensure the implementation of business applications and technology solutions adhere to bank’s information security policy and regulatory standards by cultivating a strong risk and control environment.
• Drive transparent, quantifiable, and long-lasting control improvements by working together with the internal information security team and other project implementation team like EPMO, IT, Business teams, etc.
• Provide clear direction to business, product, and technology stakeholders so they can manage their risks effectively.
• Contribute to the creation of a culture of risk and control that is centered on proactive awareness of and enhancement of the control environments.
• Work with the Contracts, Vendor Management and Compliance/Business departments to ensure that third-party suppliers contracts and operating-level agreements meet information security requirements.
• Lead and oversee budget, staffing, and contracting
• Work with and manage external vendors / auditors during assessments.

INSPIRE | EXHILARATE | DELIGHT

For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.

Every step at Chalhoub Group is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers. Be it by constantly reinventing itself, committing to innovation, or embracing new technologies, the Group is shaping the future of luxury retail. It delivers seamless omnichannel experiences across more than 950 stores, online platforms, and mobile apps. Driving this innovation journey is The Greenhouse — the Group's innovation hub, incubator, and accelerator for startups and emerging businesses, regionally and globally.

Chalhoub Group fosters a people-at-heart culture rooted in diversity, equity, and inclusion, and a workplace catalysed by forward thinking and future-proofing. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a presence in LATAM. Their collective efforts have earned the Group the Great Place to Work certification in several markets.

Sustainability is at the core of the Group's strategy, guided by a clear commitment to people, partners, and the planet. Chalhoub Group is proud to be a member of the United Nations Global Compact, a signatory of the Women's Empowerment Principles, and to have pledged to reach Net Zero by 2040.

What You'll Be Doing

The Information Security Risk & Assurance Lead is responsible for establishing and leading Chalhoub Group's enterprise-wide security risk and assurance capabilities. This role drives the development of risk frameworks, control assurance, ISO 27001 and PCI DSS compliance, and IAM governance, while serving as a strategic advisor to executive leadership. It plays a critical role in embedding a culture of security risk ownership and awareness through robust processes, education, and engagement.

• Define and establish the Information Security Risk capabilities, including governance frameworks, policies, reporting lines, and operating model.
• Partner with Enterprise Risk and Internal Audit to embed security risk into the Group's Three Lines of Defence and Enterprise Risk Management (ERM) framework.
  Chair or co-chair relevant InfoSec risk committees or forums, providing credible challenge and escalation for emerging cyber risks across the business and technology estate.
• Act as the principal information security risk advisor to senior executives, business leaders, and functional heads.
• Translate complex technical risks into clear, actionable business insights and recommendations, aligned to Group objectives and risk appetite.
• Deliver quarterly security risk briefings, dashboards, and thematic risk deep dives for Executive Leadership and Board-level committees as required.
• Design and implement a scalable, metrics-driven security risk management framework covering risk identification, assessment, treatment, monitoring, and reporting.
• Establish and maintain a centralised Information Security Risk Register, ensuring ownership, tracking, and oversight of key risks and mitigation plans.
  Align Group risk methodologies to leading practices such as ISO 27005, FAIR, or NIST RMF where appropriate.
• Build and lead a risk-based security assurance programme in partnership with Internal Audit, covering internal audits, control testing, supplier reviews, and compliance assessments.
• Ensure continual improvement, compliance and ISO/IEC 27001 certification, driving maturity across the ISMS and control environment.
• Lead annual PCI DSS assurance and compliance programmes across retail, payments, and commerce channels.
• Provide assurance and second-line oversight over security incident management, including root cause analysis, response effectiveness, and post-mortem controls evaluation.
• Champion a culture of risk ownership, continuous learning, and control improvement following security events.
• Lead the development and delivery of a Group-wide information security risk education and training programme, tailored by audience and risk level.
• Equip business and technology stakeholders with practical knowledge to identify, assess, and own security risks as part of day-to-day operations.
• Collaborate with Group Risk, Internal Audit, and People & Culture to embed risk responsibilities into role-based learning paths, onboarding, and manager training.
• Track effectiveness of training initiatives through KPIs and maturity assessments, continuously evolving content and engagement strategies.
• Actively support a culture of proactive risk awareness, clear accountability, and continuous improvement across the organisation.

What You'll Need to Succeed

• The ideal candidate will bring deep expertise in information security and enterprise risk management, with relevant qualifications such as CISA, CRISC, or ISO 27005, and proven experience embedding risk frameworks aligned to ISO 27001, NIST RMF, or FAIR in complex, multinational environments.
• Minimum 7 years of experience in Information Security or Technology Risk roles, with at least 5 years in a leadership capacity.
• Demonstrated experience building or maturing a Group-level security risk and assurance function in a complex, regulated or multinational environment.
• Proven leadership in achieving and maintaining ISO 27001 certification, PCI DSS compliance.
• Solid understanding of frameworks and standards such as ISO 27001/27005, NIST CSF/RMF, COBIT, FAIR, and the Three Lines of Defence model.
• Experience designing and delivering enterprise training or awareness programmes on risk and compliance topics is a distinct advantage.

What We Can Offer You

With us,you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employeediscounts.

We Invite All Applicants to Apply

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.

The Senior Manager, Security Operations & Incident Management spearheads the bank's security operations and oversees incident response efforts. This critical role supports the Chief Information Security Officer (CISO) office in ensuring the security and resilience of IT infrastructure and protecting bank data and systems from cyber threats.

• Oversight of daily SOC operations across 1LoD & 2LoD security teams.
• Development and implementation of security monitoring and incident detection strategies.
• Effective use of security tools and technologies to safeguard bank assets.
• Security alert monitoring and management of potential security incidents.
• Collaboration with internal and external stakeholders during incident response activities.

• Minimum 10 years of experience in information security, with at least 3 years in a leadership position.
• Strong knowledge of security frameworks, including ISO 27001 and NIST.
• Excellent understanding of regulatory requirements, such as GDPR, PCI-DSS, and UAE-specific regulations.

Join to apply for the Lead – Information Security Risk & Assurance role at Chalhoub Group

Join to apply for the Lead – Information Security Risk & Assurance role at Chalhoub Group

Get AI-powered advice on this job and more exclusive features.

INSPIRE | EXHILARATE | DELIGHT

For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.

INSPIRE | EXHILARATE | DELIGHT

For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.

Every step at Chalhoub Group is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers. Be it by constantly reinventing itself, committing to innovation, or embracing new technologies, the Group is shaping the future of luxury retail. It delivers seamless omnichannel experiences across more than 950 stores, online platforms, and mobile apps. Driving this innovation journey is The Greenhouse — the Group's innovation hub, incubator, and accelerator for startups and emerging businesses, regionally and globally.

Chalhoub Group fosters a people-at-heart culture rooted in diversity, equity, and inclusion, and a workplace catalysed by forward thinking and future-proofing. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a presence in LATAM. Their collective efforts have earned the Group the Great Place to Work certification in several markets.

Sustainability is at the core of the Group's strategy, guided by a clear commitment to people, partners, and the planet. Chalhoub Group is proud to be a member of the United Nations Global Compact, a signatory of the Women's Empowerment Principles, and to have pledged to reach Net Zero by 2040.

What You'll Be Doing

The Information Security Risk & Assurance Lead is responsible for establishing and leading Chalhoub Group's enterprise-wide security risk and assurance capabilities. This role drives the development of risk frameworks, control assurance, ISO 27001 and PCI DSS compliance, and IAM governance, while serving as a strategic advisor to executive leadership. It plays a critical role in embedding a culture of security risk ownership and awareness through robust processes, education, and engagement.

• Define and establish the Information Security Risk capabilities, including governance frameworks, policies, reporting lines, and operating model.
• Partner with Enterprise Risk and Internal Audit to embed security risk into the Group's Three Lines of Defence and Enterprise Risk Management (ERM) framework. Chair or co-chair relevant InfoSec risk committees or forums, providing credible challenge and escalation for emerging cyber risks across the business and technology estate.
• Act as the principal information security risk advisor to senior executives, business leaders, and functional heads.
• Translate complex technical risks into clear, actionable business insights and recommendations, aligned to Group objectives and risk appetite.
• Deliver quarterly security risk briefings, dashboards, and thematic risk deep dives for Executive Leadership and Board-level committees as required.
• Design and implement a scalable, metrics-driven security risk management framework covering risk identification, assessment, treatment, monitoring, and reporting.
• Establish and maintain a centralised Information Security Risk Register, ensuring ownership, tracking, and oversight of key risks and mitigation plans. Align Group risk methodologies to leading practices such as ISO 27005, FAIR, or NIST RMF where appropriate.
• Build and lead a risk-based security assurance programme in partnership with Internal Audit, covering internal audits, control testing, supplier reviews, and compliance assessments.
• Ensure continual improvement, compliance and ISO/IEC 27001 certification, driving maturity across the ISMS and control environment.
• Lead annual PCI DSS assurance and compliance programmes across retail, payments, and commerce channels.
• Provide assurance and second-line oversight over security incident management, including root cause analysis, response effectiveness, and post-mortem controls evaluation.
• Champion a culture of risk ownership, continuous learning, and control improvement following security events.
• Lead the development and delivery of a Group-wide information security risk education and training programme, tailored by audience and risk level.
• Equip business and technology stakeholders with practical knowledge to identify, assess, and own security risks as part of day-to-day operations.
• Collaborate with Group Risk, Internal Audit, and People & Culture to embed risk responsibilities into role-based learning paths, onboarding, and manager training.
• Track effectiveness of training initiatives through KPIs and maturity assessments, continuously evolving content and engagement strategies.
• Actively support a culture of proactive risk awareness, clear accountability, and continuous improvement across the organisation.
  
  

• The ideal candidate will bring deep expertise in information security and enterprise risk management, with relevant qualifications such as CISA, CRISC, or ISO 27005, and proven experience embedding risk frameworks aligned to ISO 27001, NIST RMF, or FAIR in complex, multinational environments.
• Minimum 7 years of experience in Information Security or Technology Risk roles, with at least 5 years in a leadership capacity.
• Demonstrated experience building or maturing a Group-level security risk and assurance function in a complex, regulated or multinational environment.
• Proven leadership in achieving and maintaining ISO 27001 certification, PCI DSS compliance.
• Solid understanding of frameworks and standards such as ISO 27001/27005, NIST CSF/RMF, COBIT, FAIR, and the Three Lines of Defence model.
• Experience designing and delivering enterprise training or awareness programmes on risk and compliance topics is a distinct advantage.
  
  

• Seniority level Director

• Employment type Full-time

• Job function Information Technology
• Industries Retail Luxury Goods and Jewelry

Referrals increase your chances of interviewing at Chalhoub Group by 2x

Get notified about new Information Security Specialist jobs in Dubai, Dubai, United Arab Emirates.

Dubai, Dubai, United Arab Emirates 1 year ago

Dubai, Dubai, United Arab Emirates 1 year ago

Ajman, Ajman Emirate, United Arab Emirates 6 months ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.