Alshaya IT is a diverse organisation supporting corporate, warehouse and retail specific IT infrastructure and systems. We have software teams creating and developing in-house applications and product teams optimising and integrating major third party solutions. The rate of growth across divisions and geographies means we are constantly evaluating how we provide robust, scalable and business enabling infrastructure and systems in line with global benchmark standards.
Role Profile:
This role involves leading and developing information security aspects for new and existing technologies and project requirements. The successful candidate will work closely with business stakeholders and IT teams to define, architect document, and implement security controls that ensure the availability, integrity, and confidentiality of our information assets.
The below Key Performance Areas include but are not limited to:
Key responsibilities include providing subject matter expertise in the design, operation, and maintenance of security requirements across the organization. The role will enable internal stakeholders to create a best-in-class ecosystem to support Alshaya information security needs. This role is also responsible for promoting agreed-upon architectural principles, standards, and design patterns, and advising on security requirements for multi-cloud and/ on-premises solutions.
The ideal candidate will collaborate with and influence cross-functional teams to help address security risks unique to each business divisions's risk profile.
Roles and responsibilities include:
Design and implement tailored security solutions that meet Alshaya's requirements, including creating detailed security blueprints for both on-premises and cloud-based applications.
Analyze current and target state architectures to develop a security strategy, identify design gaps, and propose solutions to prevent recurring threats.
Develop techniques and patterns for secure integration with external vendors and cloud providers.
Lead the planning, design, documentation, and engineering of Alshaya-wide security and compliance solutions.
Absorb and understand business requirements, and ensure security requirements and controls and enforced
operate Architect, design, implement, maintain, and security controls and countermeasures for information systems.
Evaluate and architect technologies designed to protect information.
Create and maintain processes and procedures within the security architecture domain.
Identify and mitigate security risks through threat modelling and security gap assessments.
Collaborate with peers to ensure compliance with relevant regulatory and contractual security requirements.
Communicate & enforce security policies and procedures and requirements clearly to both technical and non-technical stakeholders.
Conduct complex risk analyses for information systems' security and recommend innovative solutions.
Work with users, developers, third party providers, and other technical stakeholders to integrate security considerations into development and operational decisions.
Ability to identify threats/risks
Ability to apply knowledge of security domains including but not limited to common threats and vulnerabilities, Network, Identity, and Backup to different business scenarios
Extensive ability to estimate, plan, lead and execute complex technical projects while working independently and/or in a team. Undertaking and completing project tasks on schedule with minimal to no supervision.
Knowledge:
Hands on knowledge to complete assessments using industry-standard and organizationally accepted analysis principles and methods.
Advanced knowledge of common attacks, attack methods, and defense architectures.
Familiarity with cybersecurity frameworks and standards (e.g., ISO 27000, NIST, PCI) and industry-relevant regulations guiding architectural requirements.
Experience in developing and designing security best practices for all layers of the hosting and application stack in both cloud and on-premises environments.
Ability to establish strategies for and implement cloud enterprise solutions in AWS, GCP, or Azure.
Knowledge of Identity and Access Management (IAM), cryptography/key management, secrets management, access controls, and security protocols (e.g., multi-factor, SAML, OAuth, OIDC).
Understanding of application security implementations and best practices.
Proficiency in threat modeling (e.g., STRIDE, PASTA, OCTAVE).
Knowledge of cryptographic technologies, including transit encryption, storage encryption, hashing, KMS, digital signatures, etc.
Subject matter expertise in cloud architectures, secure integrations, data protection, IT risk, network security, application security, and Identity and Access Management.
Deep knowledge of securing complex hybrid architectures.
Experience:
5-6 years of relevant security architecture experience
Bachelors , Computer Sciences, Computer Engineering, Information Security, or other related engineering degree, or equivalent experience.
About Us:
Alshaya Group is a dynamic family-owned enterprise which was first established in Kuwait in 1890. With a consistent record of growth and innovation, Alshaya Group is one of the world’s leading brand franchise operators, offering customers an unparalleled choice of well-loved international brands, including: Starbucks, H&M, Mothercare, Debenhams, Cos, American Eagle Outfitters, P.F. Chang’s, The Cheesecake Factory, The Body Shop, M.A.C, Victoria’s Secret, Boots, Vavavoom, Pottery Barn and KidZania.
Alshaya Group’s portfolio extends across MENA, Russia, Turkey, and Europe, with thousands of stores, cafes, restaurants and leisure destinations, as well as a growing online and digital business.
Operating in multiple sectors including Fashion, Food, Health & Beauty, Pharmacy, Home Furnishings and Leisure & Entertainment, Alshaya Group colleagues are united by a commitment to delivering great customer service and brand experiences.
Fresh, modern, and relevant, Alshaya’s constantly evolving retail portfolio reflects the choices and lifestyle of its customers. From flagship stores and restaurants in prestige malls, to local coffee shops, drive-thrus and online, Alshaya Group brings customers the brands they love in the places they want to be.