Manager Information Security - Information Security & Risk - Egypt

Job no: 4642069
Work type: Permanent - Full Time
Location: Egypt
Categories: IT

Role Profile:

Alshaya employs a dedicated security team to implement and maintain the organization's information security program. Typically, this group is led by a chief information officer. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. The value of an organization lies within its information, and the security of that information is critical for business operations, as well as for retaining credibility and earning the trust of clients.
Information security programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity and availability of IT systems and business data.

The below Key Performance Areas include but are not limited to:
 Define risk governance strategy and ensure alignment with business objectives
 Approve control frameworks and ensure cross-functional adoption
 Report risk trends and remediation status to executive leadership
 Govern exception policy and ensure audit readiness
 Ensure audit outcomes drive continuous improvement
 Lead enterprise-wide audit planning and regulatory alignment
 Present security metrics to board-level stakeholders
 Strategic alignment of risk assessments with business objectives
 Sponsor control initiatives and allocate resources
 Influence business decisions through risk intelligence
 Champion security culture and workforce engagement
 Govern enterprise investigation protocols and legal coordination
 Own policy enforcement governance and regulatory reporting
 Define policy governance and ensure enterprise alignment
 Lead enterprise-wide security programs and stakeholder alignment
 Define exception handling strategy and oversee execution

Knowledge (Desired):
 Authority on ISO governance and regulatory alignment, ensuring frameworks are embedded across the organization.
 Strategic oversight of control architecture, ensuring alignment with compliance requirements and business objectives.
 Executive-level communication of risk posture, security strategy, and compliance status to leadership and stakeholders.
 Leadership in compliance governance, regulatory engagement, and fostering a culture of accountability.
 Effective stakeholder communication and coordination during investigations and legal holds.
 Oversight of performance measurement, continuous improvement, and reporting of security and compliance KPIs.
 Leads enterprise risk alignment, facilitates risk assessments, and engages executive stakeholders in mitigation strategies.
 Governs the full policy lifecycle, ensuring strategic alignment and enforcement of security policies.
 Leads enterprise-wide compliance and risk mitigation programs through cross-functional collaboration.
 Oversees breach response, including senior management notification and crisis management coordination.

Experience
 10 – 15 Years of Experience
 GRC Manager
 Professional Certification: CISM, CGEIT, ISO 27001 Lead Auditor, CIPM, CRISC, CISA, PCI ISA

Skills:

 Proficient in Risk Management: Skilled in identifying, evaluating, and mitigating enterprise-level risks.
 Hands-on experience with GRC tools: Practical knowledge of platforms such as Archer, ServiceNow GRC, or equivalent for managing governance, risk, and compliance workflows.
 Strategic oversight of security controls: Ability to design, implement, and monitor control frameworks aligned with regulatory standards.
 Expertise in ISO and regulatory frameworks: Deep understanding of ISO standards and global compliance requirements (e.g., GDPR, PCI DSS).
 Policy governance: Capable of managing the full lifecycle of security policies and ensuring strategic alignment with business objectives.
 Compliance leadership: Drives compliance awareness and engagement across departments, including regulatory liaison.
 Risk communication: Communicates risk posture and mitigation strategies effectively to executive leadership and stakeholders.
 Incident response coordination: Leads breach response efforts, including senior management notification and crisis handling.
 Performance metrics and evaluation: Oversees the development and tracking of key performance indicators for continuous improvement.
 Cross-functional collaboration: Leads enterprise-wide initiatives for compliance, risk mitigation, and audit readiness.

Advertised: Egypt Daylight Time
Application close: Egypt Daylight Time
