Head of Information Security International - Emiratization
Our client is a well-known large financial services organization based in the UAE. They are looking to hire a driven & well-rounded Head of Information Security International within their Information Security Group department.
Our client operates as a global entity with a presence in multiple countries with different regulatory requirements. To cater to such a diverse environment, the Head of Information Security International will be responsible for managing the local Information Security leads in the different regions where the company operates: USA, Egypt, Qatar, Bahrain, Kuwait, Pakistan, India, United Kingdom and Hong Kong.
Job Purpose
The role ensures that the local information security requirements are being addressed in alignment with the company's Global strategy and ISG Group policies. The role ensures that the international operations of ISG run smoothly and are in sync with the overarching goals set by the headquarters.
The role entails developing and implementing short to middle-term strategies for the local IS leads that align with organizational global objectives and directives.
The job holder will ensure maximum standardization of the local Information Security roles while creating flexibility for specific regional requirements. She/He will ensure efficient articulation of the local Information Security leads with Head Office functions inside ISG as well as outside.
The Head of Information Security International will be the local Information Security lead for the company's London and Hong Kong businesses.
Key Result Areas
- Develop and manage a rolling 3-year Information Security International roadmap. Update roadmap annually based on changes in business priorities and evolving threat and risk universe.
- Develop, implement, and maintain comprehensive policies and procedures related to Information Security International in alignment with regulatory standards and best practices.
- Regularly review and update policies to adapt to evolving security threats and technological advancements.
- Ensure clear and effective communication between headquarters and international branches to maintain alignment and cohesion.
- Identify, assess, report and drive mitigation of security risks associated with code, application and infrastructure assets.
- Ensure compliance with regulatory requirements and internal security standards.
- Keep abreast of and ensure compliance with local information security requirements in all countries of operation.
- Lead and manage the Information Security International team, fostering a culture of continuous learning and improvement, and promoting the highest standards of professional conduct and ethical behavior.
- Ensure that management of local teams is consistent across all international locations while also being adaptable to local regulations and cultures.
- Oversee recruitment, retention, and development of talent globally, ensuring the right mix of local and international employees.
- Create a standardized system for evaluating and improving local employee performance across all countries in alignment with the company's global policies.
- Harmonize compensation and benefits packages to be competitive yet equitable across different regions, considering local economic specificities.
- Establish comprehensive training programs that cater to the diverse needs of international employees.
- Foster an inclusive workplace culture that respects and integrates the diversity of the global workforce.
- Manage employee relations and serve as a mediator to resolve conflicts that may arise due to cultural differences.
- Demonstrate adoption of ISG vision, mission, cultural and operational objectives. Actively support key ISG transverse initiatives.
- Manage Information Security International run the bank (RTB) and change the bank (CTB) activities to deliver quality results, on time and budget. Escalate in advance any alert, risk, critical dependency, and issue that arises, with options for their management, to ensure pro-active management and no surprises.
- Manage the Information Security International RTB and CTB budget inside approved forecast.
- Ensure preparation, execution and follow-up of regulatory examinations, audits, and assessments. Those reviews shall not result in any critical or high-risk issue for ISG or for the Information Security International.
- Ensure closing of all legal, regulatory and audit issues with the expected level of quality, in time and budget.
- Provide strategic oversight for the New York office regarding compliance related to Information Security, Cyber Security, Data Privacy and other Industry and regulatory requirements.
- Oversight of the New York office's technical and non-technical projects, systems, and contracts with respect to matters of Information and Cyber Security.
- Development and maintenance of documentation and implementation of security policies, procedures, and standards for the organization.
- Align security practices/procedures to the well-known information security standards/guidelines such as ISO27001, PCI DSS, NIST etc., where applicable.
- Partner with the Business units, legal, human resources, security personnel, internal audit, and executive management in the development of these policies to ensure information technology resources are secure.
- Monitor compliance with the organization's security policies and procedures among employees, consultants and other third parties.
Knowledge, Skills and Experience
- 14+ years of experience in information security with at least 5 years' experience in managing international information security teams in a financial institution/bank.
- A sufficiently senior level official who has managed enterprise projects and has experience coordinating direct and indirect reports to senior management.
- Strong interpersonal, analytical, and technical skills.
- Strong decision-making and prioritization skills.
- Strong experience in a banking environment with a strong understanding of key security frameworks such as ISO27001, PCI DSS, NIST 800-63.
- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection systems, incident response, security policy creation, enterprise security strategies, etc.
- Certifications such as CISSP, CISA, SANS, and CISM preferred.
- OSCE, GCED, CCSK, Azure Security etc. are a plus.