Manager Digital Risk -Corporate Services - Group Technology

at  AlFuttaim

Established in the 1930s as a trading business, Al-Futtaim Group today is one of the most diversified and progressive, privately held regional businesses headquartered in Dubai, United A”rab Emirates. Structured into five operating divisions; automotive, financial services, real estate, retail and healthcare; employing more than 35,000 employees across more than 20 countries in the Middle East, Asia and Africa, Al-Futtaim Group partners with over 200 of the world’s most admired and innovative brands. Al-Futtaim Group’s entrepreneurship and relentless customer focus enables the organisation to continue to grow and expand; responding to the changing needs of our customers within the societies in which we operate.
By upholding our values of respect, excellence, collaboration and integrity; Al-Futtaim Group continues to enrich the lives and aspirations of our customers each and every day.

REQUIRED SKILLS TO BE SUCCESSFUL

• Strong expertise in configuring, customizing, and deploying Governance, Risk, and Compliance (GRC) tools.
• Experience with Information Security Management Systems (ISMS) and related frameworks (ISO 27001, COBIT, ITIL).
• Proficiency in conducting security risk assessments for AI systems and applications.
• In-depth knowledge of international cybersecurity standards (NESA, ADHICS, ISO31000, ISO 28001, ISO27005, ISO20000, PCI-DSS).
• Ability to conduct comprehensive risk assessments covering financial, operational, strategic, and compliance risks.
• Experience in developing and implementing action plans to mitigate identified risks.
• Ability to analyze potential security risks and develop metrics and reporting frameworks for KPIs and KRIs.

OVERVIEW OF THE ROLE

The Digital Risk Manager will develop, implement, and oversee strategies to protect digital assets and mitigate cybersecurity threats in line with Al-Futtaim Group standards. The role involves acting as a central liaison for digital risk management across various business lines, requiring expertise in the insurance, automotive, and financial sectors. Strong leadership, extensive cybersecurity and risk management experience, and the ability to drive cross-departmental collaboration are essential for ensuring top-level security and compliance.

WHAT YOU WILL DO

Strategic Contribution:

• Digital Risk Management: Lead the implementation of strategic initiatives and maintain a robust framework using industry standards (NIST, COBIT, ISO 27001) to mitigate cybersecurity threats and safeguard data.
• Utilize AI tools to enhance threat detection by analyzing large data sets, identifying patterns, anomalies, and potential security incidents in real-time.
• Compliance and Gap Assessment: Ensure adherence to evolving regulatory requirements and industry standards (ADHICS, NESA, PCI-DSS, ISO 27001, ISO 27701, ISO 22301, ISO 28000, SWIFT KYC), minimizing compliance risks.
• Vendor Risk Management: Develop and implement a comprehensive strategy to manage vendor-related risks aligned with the organization’s risk appetite and business objectives.

Tactical Contribution:

• Digital Risk Management Policies: Develop and maintain policies outlining roles, responsibilities, and risk assessment methodologies tailored to the organization’s risk landscape and objectives.
• Cross-Functional Collaboration: Work with IT, compliance, legal, audit, and business teams for regular security and gap assessments, ensuring comprehensive risk management.
• AI Governance: Govern and guide the ethical and compliant development and deployment of AI technologies, ensuring they are secure and properly managed.
• Security Awareness Campaigns: Conduct awareness campaigns and simulated phishing exercises to promote a culture of security and test employees’ susceptibility to phishing attacks, providing targeted training as needed.

WHAT EQUIPS YOU FOR THE ROLE

• Bachelor’s or Master degree in IT, computer application or similar.
• Minimum 10 - 13 years of experience in Security Risk and Governance in a customer facing capacity
• Certified Information Systems Security Professional (CISSP) certification is mandatory.
  We’re here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.
  Before you click “apply”: Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalised CV to further boost your visibility. Our global Talent Acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviours, but also how candidates align with our Values of Respect, Integrity, Collaboration, and Excellence.
  As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.