Information Security Officer – IT – India – Alshaya Group

Job Summary:

The Alshaya Group IS Security Governance, Risk, and Compliance (GRC) Officer develops and maintains information security policies and workforce training and awareness.

The GRC officer serves as a critical resource for staff and leaders regarding information security policy implementation, interpretation, and compliance. 

The GRC officer assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.

The GRC Analyst is responsible for reducing information security and cybersecurity risk to UW Health by helping to prioritize and drive remediation efforts throughout the organization through the following:

• Establishing and maintaining governance and compliance standards.

• Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.

• Creating, maintaining, communicating, and enforcing information security policies.

• Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process, and residual risk analysis.

 

MAJOR RESPONSIBILITIES 

Governance and Compliance:

• Develops and implements a data security risk reporting framework, aligned with ISO, for management teams and governance committees.

• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that Alshaya meets both the requirements and intent of its regulatory and compliance obligations.

• Facilitates the remediation of control gaps and escalates critical issues to leadership.

• Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed.

• Prepares for and facilitates examinations by qualified security assessors for regulations such as PCI DSS. Works closely with control owners and internal and external auditors to ensure requests are completed in a timely manner.

• Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analysing information security and compliance metrics for management. 

 

Information Security Risk Assessment:

• Identifies, analyses, evaluates, and documents information security risks and controls based on established risk criteria.

• Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks.

• Recommends controls to mitigate security risks identified via the risk assessment process.

• Communicates risk findings and recommendations that are clear and actionable for business stakeholders.

 

Job Details

Posted Date: 2024-09-18
Job Location: India
Job Role: Information Technology
Company Industry: Fashion & Apparel

Preferred Candidate
