Company Description
Momentum Corporate Services is a leading entertainment group based in Abu Dhabi, United Arab Emirates. Our portfolio includes mobile game development and publishing, virtual reality experiences, iGaming, esports management, and content platform services. We are dedicated to creating immersive and personalized entertainment experiences that push the boundaries of innovation in the industry.
For more information about Momentum Group, please visit our website at www.mgh.ae.
Requirements
Information Security Governance Framework
- Implement and maintain a governance framework that aligns with industry standards (e.g., ISO 27001, NIST CSF, GLI 19 Technical standards) and organizational goals.
- Define and enforce security policies, procedures, and guidelines that provide a structured approach to managing security across the business.
- Ensure alignment of security governance efforts with business objectives and regulatory requirements.
- Establish a governance process for managing information security risks and incidents, with regular governance forums held to surface key risks and issues that require wider management visibility and input.
Infosec Risk Management & 3rd party governance
- Lead the development and management of a security risk management framework to identify, evaluate, and mitigate information security risks.
- Conduct Infosec risk assessments, including risk identification, analysis, prioritization, and remediation tracking.
- Collaborate with other security teams (e.g., SOC, Identity Access Governance, Architecture) to ensure risks are effectively addressed across the business.
- Develop and manage a third-party risk management program to assess and monitor security risks associated with vendors, partners, and contractors.
- Conduct initial and periodic risk assessments of third parties, ensuring they comply with our security policies & standards.
- Oversee third-party security requirements in contracts, service agreements, and ongoing relationships.
Infosec Audits & Assessments
- Coordinate internal and external security audits, including ISO 27001 gap assessments, GLI 19 Technical standards assessments, internal/external audits and other regulatory assessments.
- Act as the primary point of contact for auditors, ensuring timely and accurate delivery of evidence and documentation.
- Track and oversee the resolution of audit findings and ensure corrective actions are implemented effectively.
Infosec Metrics & Reporting
- Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of Infosec governance, risk management, and compliance initiatives.
- Provide regular reporting to senior leadership and the Director of Infosec on the organization’s security posture, highlighting trends, risks, and areas for improvement.
- Ensure governance and risk reports are tailored to the needs of both technical and non-technical stakeholders.
Infosec policies & standards
- Maintain centralized documentation for security governance, risk management, and compliance programs.
- Ensure all governance processes, policies, and procedures are properly documented, version-controlled, and easily accessible for internal and external stakeholders.
Infosec Awareness & Training initiatives
- Develop and deliver information security training programs tailored to different levels of the organization.
- Enhance awareness of security policies and risk management practices across the organization, promoting accountability and adherence to security standards.
- Define and implement a cyber awareness roadmap, including a variety of initiatives to drive the importance of a shared responsibility for information security across the business.
- Facilitate simulated phishing exercises to ensure the organization remains vigilant and aware of the procedures to follow when dealing with phishing emails.
Cross functional collaboration on Infosec initiatives
- Work closely with the SOC Senior Manager to ensure operational security practices align with governance policies and risk priorities.
- Partner with the Identity Access Governance Manager to validate compliance with access control policies and procedures.
- Coordinate with the Technical Compliance/Data Privacy Manager to align GRC efforts with data privacy requirements and regulatory frameworks.
- Collaborate with the Security Architect Senior Manager to ensure governance considerations are embedded into security architecture design and decision-making.
Continuous improvement of Infosec GRC practices
- Lead initiatives to enhance the maturity of our governance and risk management practices, benchmarking against industry best practices.
- Regularly review and update the governance framework, risk management processes, and compliance programs to ensure they remain relevant and effective.
- Identify opportunities for automation and process optimization to improve efficiency and reduce the administrative burden of GRC activities.
Qualifications
Bachelor’s Degree in the field of Cybersecurity, Information Technology, Business Administration, Risk Management, or Computer Science.
- Core certifications required for this role:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Implementer or Lead Auditor
- Certified Information Systems Auditor (CISA)
- Governance of Enterprise IT (CGEIT)
One or more of these qualifications are preferred.
Experience Required
5-7+ Years in Information Security, Governance, or Risk Management
- Hands-on experience in developing and managing governance frameworks, risk management programs, and compliance initiatives.
Experience in Regulated Industries
- Prior work in industries such as finance, technology, or gaming, where regulatory compliance and risk management are critical.
Proven Track Record in GRC
- Experience leading governance, risk, or compliance initiatives, managing cross-functional projects, and driving organizational change.
Skills Required
- Familiarity with security frameworks and standards, e.g. ISO 27001, NIST CSF, COBIT, SOC 2, CIS Controls, PCI DSS.
- Risk management expertise. Experienced in performing risk assessments, creating risk registers and implementing risk mitigation strategies.
- Proficient in managing internal/external audit assessments. Proven experience in preparing for and managing audits, including evidence collection and compliance validation.
- Strategic thinking. Ability to align security governance and risk initiatives with organizational goals and priorities.
- Communication and reporting. Strong skills in creating and presenting executive-level reports, dashboards, and metrics that provide insights into security posture and risk.
- Cross functional collaboration. Capability to work with diverse teams, including IT, legal, compliance, and executive leadership, to ensure cohesive governance practices.
Offer
- Fantastic new office on Yas Island.
- Opportunity to work for a growing start-up business.
- Chance to work with like-minded professionals.
- A diverse environment with a determination to reach our goals.
- Training and learning opportunities.
- Company benefits which support your health and well-being.
Interested? Apply directly with your CV.