UAE National_IT Security Specialist | Corporate Services | Group Tech & Digital Platforms

Job Requisition ID: 175161 

Established in the 1930s as a trading business, Al-Futtaim Group today is one of the most diversified and progressive, privately held regional businesses headquartered in Dubai, United A”rab Emirates. Structured into five operating divisions; automotive, financial services, real estate, retail and healthcare; employing more than 35,000 employees across more than 20 countries in the Middle East, Asia and Africa, Al-Futtaim Group partners with over 200 of the world's most admired and innovative brands. Al-Futtaim Group’s entrepreneurship and relentless customer focus enables the organisation to continue to grow and expand; responding to the changing needs of our customers within the societies in which we operate. 

By upholding our values of respect, excellence, collaboration and integrity; Al-Futtaim Group continues to enrich the lives and aspirations of our customers each and every day.

Overview of the role

The role supports the day-to-day operations of the Information Security function within the CISO office, combining operational security activities with Governance, Risk, and Compliance (iGRC) responsibilities. As a key member of the Information Governance, Risk, and Compliance (iGRC) subfunction, the role supports the development, implementation, and oversight of risk management practices to safeguard the organization’s digital assets and mitigate cybersecurity threats in alignment with Al-Futtaim Group Digital Risk Management and Enterprise Risk Management processes and standards.

The position acts as a central coordination point for digital risk activities across aligned enterprise business lines and supports collaboration across departments to strengthen security, risk management, and compliance outcomes. This role offers an opportunity to build hands-on experience across information security operations and digital risk management while contributing to the organization’s overall security posture.

What you will do

• Support the implementation and ongoing operation of digital risk management activities to identify, assess, and mitigate cybersecurity risks. Maintain and apply the established digital risk management framework aligned with recognized industry standards such as NIST, COBIT, and ISO/IEC 27001, and support periodic risk reviews and updates.
• Monitor and support compliance with applicable cybersecurity and privacy regulations and standards, including ADHICS, CBUAE-IA, PCI-DSS, ISO/IEC 27001, ISO/IEC 27701, ISO 22301, and ISO 28000.
• Assist in conducting gap assessments, tracking compliance requirements, documenting gaps, and supporting remediation actions to reduce regulatory, financial, and legal risk.
• Work closely with IT, compliance, legal, and business teams to support regular security assessments and compliance reviews. Coordinate inputs, follow up on actions, and support the execution of agreed remediation plans.
• Support the execution of security awareness initiatives through emails, posters, newsletters, and intranet communications to reinforce information security practices and promote a culture of security awareness across the organization.
• Assist with the planning, execution, and monitoring of simulated phishing exercises. Support analysis of results and dissemination of targeted awareness or follow-up training to improve employee awareness and response to phishing threats.
• Prepare and maintain operational documentation and reports related to security risk assessments, compliance reviews, and control effectiveness. Ensure findings, recommendations, and remediation actions are accurately documented and tracked to closure.
• Provide operational support for internal and external audits and regulatory inspections by coordinating evidence collection, tracking audit actions, and supporting closure of audit findings. Engage with internal and external auditors and internal stakeholders to support compliance with applicable standards and regulatory requirements, particularly within healthcare, insurance and automotive business lines.
• Support third-party risk assessments by applying defined risk scoring criteria based on inherent risk factors such as data sensitivity, system access, and business criticality. Maintain assessment records and support follow-up on remediation actions with vendors and internal stakeholders.

Required Skills to be successful

• Strong communication, analytical/problem solving skills.
• Ability to handle multiple complex tasks, highly organized, and detail oriented.
• Ability to maintain confidentiality of records and information.
• Strong documentation, reporting, and evidence management skills to maintain audit-ready risk registers, compliance trackers, and assessment reports.
• Resilient and has multi-tasking experience in a fast-paced environment, completing work with pace with quality discipline.

What equips you for the role

• Bachelor's degree in IT, computer applications or similar.
• Minimum 4 - 5 years of experience in Security Risk and Governance in a customer-facing capacity.
• Practical experience in information security governance, risk, and compliance (iGRC), including operational support for risk assessments, compliance reviews, gap assessments, and remediation tracking.
• Working knowledge of cybersecurity frameworks and standards, such as ISO/IEC 27001, NIST, COBIT, PCI-DSS, with hands-on experience supporting their implementation or assessment.
• Familiarity with regulatory requirements in the UAE and region, including ADHICS, CBUAE-IA, and experience supporting regulatory compliance activities and audits.
• Experience supporting third-party risk assessments, including inherent risk evaluation, risk scoring, documentation of findings, and follow-up on remediation actions.
• Professional certifications such as ISO 27001 Lead Implementer/Lead Auditor, CRISC, CISM or equivalent are preferred.

We’re here to provide excellent service but a little help from you can ensure a five-star candidate experience from start to finish.

Before you click “apply”: Please read the job description carefully to ensure you can confidently demonstrate why this opportunity is right for you and take the time to put together a well-crafted and personalised CV to further boost your visibility. Our global Talent Acquisition team members are all assigned to specific businesses to ensure that we make the best matches between talent and opportunities. We not only consider the requisite compatibility of skills and behaviours, but also how candidates align with our Values of Respect, Integrity, Collaboration, and Excellence.

As part of our candidate experience promise, we also want to make ourselves available to you throughout the application process. We make every effort to review and respond to every application.