Manager - GRC (Cybersecurity)

7 - 8 years

30 - 35 Lacs

Posted: 3 hours ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

We are seeking a motivated and skilled Information Security Risk Manager with a strong background in information security Risk management who is willing to take on challenging assignments. The successful candidate will play an essential role in executing and optimizing the Risk management framework, focusing on identifying, assessing, and mitigating information security Risks. This mid-level role requires both technical knowledge and effective communication skills to articulate complex security and Risk concepts to varied stakeholders. The role demands an understanding of regulatory requirements (e.g., UAE Information Assurance) and industry standards (e.g., NIST Risk Management Framework (RMF), ISO 31000, ISO 27001) along with practical experience in information security and Risk management. The candidate should have the relevant experience, knowledge and skills to take up the roles and responsibilities listed below.

Role Description

  • Conduct Information Security Governance, Risk & Compliance (GRC) consulting projects for customers globally using various International, National and Sectoral standards like PCI-DSS, ISO 27001, NIST CSF, RBI CSF, IRDA, NPCI, UIDAI etc.
  • Define, document, implement, and refine information security management frameworks within client organizations. This includes Information security strategy, policies, procedures, standards, guidelines, SOPs, forms, templates, etc.
  • Document/update Risk management methodology supported by a threat-vulnerability assessment in collaboration with key stakeholders within the organization.
  • Assist in the implementation/maintenance of information security policies and procedures in compliance with governance, legal, contractual, or internal requirements.
  • Conduct comprehensive Risk assessments in close coordination with internal and external stakeholders to enable informed decision-making by stakeholders while keeping business objectives paramount.
  • Provide expert guidance to stakeholders in other departments for appropriate Risk treatment, monitoring and review.
  • Review Cybersecurity and Risk aspects of business cases, IT application/infrastructure changes, project proposals, requirements, solution designs, and system architectures.
  • Create and promote security awareness campaigns and conduct information security awareness programs to enhance the information security knowledge of staff and management on the latest threats and vulnerabilities.
  • Effectively handle project management, team management and delivery management.
  • Train the internal team on GRC & Risk assessment.
  • Participate in presales meetings with prospective customers and offer specialized GRC and Risk management consulting services.
  • Monitor and review information security compliance.
    o Coordinate with the customer IT project management department, vendors, and consultants to build an effective security program.

  • Lead annual planning, information security architecture, and governance reviews for customer organizations.

2. Key Responsibilities:

  1. Knowledge of Risk management principles and conducting end-to-end Risk Management.
  2. Identify, assess, and prioritize information security Risks across the organization.
  3. Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor and measure Risk levels and the effectiveness of Risk management efforts.
  4. Recommend and track the implementation of Risk mitigation strategies and controls.
  5. Conduct frequent Risk assessments and reviews to ensure the effectiveness of controls.
  6. Monitor and report on the status of Risk management activities and initiatives.
  7. Recommend enhancements to Risk assessment methodology.
  8. Maintain the Risk register within the GRC platform, ensuring it is updated with high-quality, relevant content.
  9. Experience with information security architectures and security assessments.
  10. Familiarity with systems, database, network, and application security will be an added advantage.
  • Governance:
  1. Strong knowledge of GRC/Risk Management standards/frameworks such as ISO 27001, ISO 31000, ISO 27005, NIST RMF, NIST CSF, and regulatory frameworks like the UAE's Information Assurance Standard, RBI CSF, etc.
  2. Assist in enforcing information security policies, procedures, and standards.
  3. Contribute to the maintenance of a governance framework for managing information security Risks.
  • Collaboration:
  1. Provide expertise and guidance on information security matters to key stakeholders, fostering strong working relationships across departments.
  2. Serve as a liaison and advisor to customer IT project management, vendors, and consultants.
  • Continuous Improvement:
  1. Stay informed on emerging trends, threats, and technologies in information security.
  2. Recommend and implement improvements to the Risk management framework, tools, and methodologies.
  • Compliance & Risk Assessments:
  1. Conduct independent security Risk assessments to support informed decision-making aligned with business objectives.
  2. Review the security aspects of business cases, IT applications, infrastructure changes, project proposals, requirements, solution designs, and system architectures.
  3. Conduct ISO 27001, PCI-DSS, and other compliance assessments as needed, especially for banking information security audits.
  • Security Awareness:
  1. Design and conduct innovative information security awareness programs to educate employees and management about current threats and security best practices.
  2. Train and mentor the internal team and clients on GRC, Risk assessment, and information security frameworks.
  • Project & Delivery Management:
  1. Oversee project management and delivery for assigned teams, ensuring alignment with client requirements and quality standards.

3. Required Certifications:

  • Required: Any of the following certifications: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, or GRCA.
    o Good to have: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP Certified, CDPSE, CCSK, CCSP, CCAK, ISO 27701 privacy, ISO 20000, PCI QSA, ISO 22301.

4. Other Skills:

  1. Strong analytical and strategic mindset in the Cybersecurity Governance, Risk and Compliance domain.
  2. Strong acumen to communicate complex Cybersecurity concepts concisely and in a business context.
  3. Ability to collaborate with a broad range of business and technology stakeholders, including top management representatives.
  4. Exceptional interpersonal relationship management and influencing skills.
  5. Should possess very good communication skills (strong written/spoken English language skills and presentation skills).
  6. Positive attitude, problem-solving skills and attention to detail.
  7. Should be results-oriented and able to deliver within preset deadlines.
  8. Excellent presentation and internal as well as external customer-facing skills.
  9. Should value quality and client satisfaction.
  10. Project management skills and experience.
  11. Skilled to work with minimal supervision.

CIEL HR

Human Resources

Noida
