Job Purpose:
This role will define, implement, and oversee the Company’s cybersecurity strategy, ensuring alignment with Emirates Group's Security policies, international standards, and regulatory requirements. The role involves leading risk mitigation efforts and enhancing cybersecurity governance and compliance with the cybersecurity standard.
Key Result Areas:
- Define and execute the Company’s vision for cybersecurity policies, technologies, and metrics aligned with Emirates Group strategy, business priorities, and international standards (e.g., ISO/IEC 27000, PCI DSS, GDPR, ISR), focusing on risk reduction metrics, compliance audit success rates, and alignment with Group priorities.
- Define and implement a comprehensive risk management framework to address operational, legal, regulatory, and security risks in collaboration with Internal Audit and Group Cybersecurity to mitigate them.
- Lead the EKFC Cybersecurity Steering Committee to approve standards, processes, and compliance frameworks and update the Company’s Information Security Policy to ensure adherence to international standards and legal requirements.
- Collaborate with internal stakeholders, Group teams (IT, Legal, HR, Internal Audit) and third-party partners to ensure security controls are implemented and proactively monitored.
- Ensure near real-time log sharing with the Group Cyber Security Operations Centre for effective monitoring, prompt incident remediation, and continuous performance improvement through quarterly service reviews, with key indicators on incident resolution times and Security Operations Centre performance.
- Maintain KPIs and dashboards to provide all stakeholders visibility into the Company’s cybersecurity status to ensure data-driven decision-making through dashboard accuracy, stakeholder feedback, and adherence to SLA targets.
- Implement regular plans for vulnerability assessments, penetration testing, and technical risk assessments to ensure identified risks are tracked, mitigated, and closed with appropriate visibility to management, based on the agreed number of evaluations conducted, risk closure timelines, and management reporting.
- Ensure adherence of all IT services and projects to strict IT security guidelines and framework, maintaining SLAs with the business by proactively securing IT services.
- Promote cybersecurity awareness through training programs and simulations to increase vigilance and minimise human-related security incidents. This can be achieved by measuring participation rates, training effectiveness scores, and phishing simulation results.
- Ensure the security, integrity, and availability of EKFC's critical IT systems by proactively identifying and mitigating security threats to prevent disruptions, protect business processes, and minimise financial and reputational damage.
Knowledge, Skills & Minimum Experience:
Education Qualifications:
- Bachelor's (BE) or Master’s degree in Computer Science, Cybersecurity, Mathematics, or a related field.
- Professional certifications in Cybersecurity/IT Security/Risk Management.
Work Experience:
- A minimum of 10 years of IT leadership experience, with at least 5 years’ experience of IT security leadership in a complex/hybrid environment.
- Lead cybersecurity for an organisation to leverage cloud-native applications, DevSecOps pipelines, and AI/ML technologies.
- Manage cybersecurity in a global organisation with complex supply chain dependencies and third-party integrations.
- Familiar with regulatory frameworks and standards like GDPR, ISR, and global privacy laws, with a focus on adapting to evolving data protection requirements.
- Able to implement and operate through a risk-based approach to cybersecurity, integrating predictive analytics for risk management.
Skills:
- Proficiency in modern security frameworks (ISO 27001, CIS Critical Security Controls, and Zero Trust Architecture).
- Advanced understanding of Cloud Security, including securing multi-cloud environments (Azure, AWS, Google Cloud).
- Experience with emerging security technologies, such as Extended Detection and Response (XDR), Security Automation (SOAR), and AI/ML-driven threat detection.
- Expertise in Development, Security & Operations practices, integrating security at all stages of software development and CI/CD (Continuous Integration/Continuous Delivery) pipelines.
- Familiarity with securing Operational Technology (OT) and Internet of Things (IoT) devices, particularly in industries with automated environments.
- Strong leadership capabilities, with proven success in building and mentoring cross-functional cybersecurity teams.
- Effective communication skills to convey technical concepts to executive leadership and non-technical stakeholders.
- Strategic thinker with the ability to align cybersecurity initiatives with broader business objectives, particularly in the context of digital transformation.
- Expertise in driving continuous improvement initiatives, leveraging real-time data to optimise security processes and decision-making.