Job Purpose:
To lead Dubai Chambers' Information Security function by establishing and overseeing robust cybersecurity strategies, governance frameworks, and risk management programs that safeguard information assets and support business continuity. The role ensures that compliance and regulatory requirements are met, drives continuous monitoring and audit readiness, and enhances cyber resilience through proactive threat management and security awareness. The Manager collaborates with cross-functional stakeholders, adopts emerging technologies and best practices, and cultivates a strong security culture to protect IT systems and data in alignment with the organization's strategic objectives.
Key Accountabilities:
Audit Management
- Manage the timely planning and execution of information security audits to formally assess information security performance against defined security parameters, standards, regulations, and internal policies.
- Identify gaps, recommend corrective actions, and monitor remediation to ensure compliance and continuous improvement.
- Lead investigations related to information security breaches, ensuring root cause analysis is conducted and appropriate corrective and preventive actions are implemented.
Information Security Management
- Manage the organization's information security systems and controls, identifying and advising on risk mitigation activities related to systems, processes, and technologies.
- Ensure security risks are identified, assessed, and effectively controlled within acceptable risk levels.
- Oversee continuous security monitoring activities and ensure timely implementation of remedial actions to maintain compliance with regulatory and organizational security requirements.
Cybersecurity
- Ensure the implementation and continuous improvement of an information security strategy aligned with Dubai Chambers (DC) strategic goals and objectives.
- Perform security risk assessments and oversee the timely execution of cybersecurity initiatives while mitigating identified risks.
- Support the Director Information Security & Risk Management Office in evaluating cybersecurity controls to ensure effectiveness, compliance, and adherence to key policies and standards, and drive remediation efforts.
- Ensure the implementation and maintenance of the Information Security Management System (ISMS) and its controls across DC.
- Manage periodic reviews of compliance with cybersecurity regulations, frameworks, and control requirements.
- Promote and embed a strong cybersecurity culture across Dubai Chambers.
- Manage cybersecurity incidents, including response coordination, investigation, containment, and lessons learned.
- Develop, maintain, and enforce information security policies, procedures, standards, and controls to protect DC's information systems and networks from cyber threats.
- Manage internal and external information security and cybersecurity audits and submit findings and reports to the Director Information Security & Risk Management Office.
- Stay current with emerging cybersecurity threats, technologies, and best practices, and recommend enhancements to security controls and capabilities.
- Prepare and present periodic cybersecurity posture and risk reports, including recommendations for improvement, to senior management.
- Manage relationships with external security service providers, vendors, and strategic partners.
Information Security Documentation Management
- Review and approve all information security documentation prior to release, ensuring alignment with regulatory requirements, internal policies, standards, and best practices.
- Provide guidance and feedback on documentation improvements to ensure accuracy, completeness, and compliance.
Project Management
- Lead the planning, management and control of the various stages of Information Security-related projects to ensure that the project cycle is completed, meeting agreed project parameters (cost budget, timelines, scope and security), standards and objectives.
Market Knowledge
- Stay informed of regulatory changes, industry standards, emerging technologies, and international best practices within the information security domain.
- Assess the impact of these developments on departmental practices and recommend adoption of best practices where appropriate.
Information Security Governance & Team Responsibilities
- Align information security initiatives with Dubai Chambers' strategic direction.
- Ensure information security objectives are achieved and risks are appropriately managed.
- Promote responsible and effective use of Dubai Chambers' information and technology resources.
- Ensure continuous monitoring and improvement of the information security program.
- Develop and update information security policies, standards, and procedures based on risk assessment outcomes.
- Coordinate with senior management on the identification, classification, protection, and management of enterprise-wide information assets.
- Support senior management in fulfilling their information security responsibilities.
- Ensure organization-wide compliance with the information security management system and report implementation status to the Information Security Steering Committee.
Strategy and Performance Management
- Contribute to the development and execution of short- and mid-term departmental strategic plans aligned with corporate objectives.
- Support the development of annual business plans for assigned areas to achieve financial and strategic goals.
- Monitor, analyse, and report key performance indicators (KPIs), recommending corrective actions where required.
Team Management
- Manage and supervise direct reports to ensure efficient and effective execution of responsibilities in line with approved plans and policies.
- Lead performance management activities by setting objectives, providing coaching, mentoring, and regular feedback.
- Identify training and development needs and implement initiatives to maintain high competency and professional growth within the team.
Organization Structure
- Contribute to defining and maintaining an optimal departmental structure to ensure efficient workflows and effective utilization of resources.
Financial Accountability
- Contribute to departmental budget preparation and consolidation.
- Monitor financial performance and recommend corrective actions for any variances or inefficiencies.
Policies, Systems, Processes and Procedures
- Contribute to the identification of opportunities for the continuous improvement of departmental systems, policies, processes and practices considering international leading practices to improve productivity and operational efficiency.
- Provide critical input to support the development of the Department's systems, policies, processes, and procedures to meet business requirements.
- Ensure team members comply with all of the Department's policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
Quality, Health, Security, Safety and Environment
- Ensure compliance with regulatory requirements and relevant quality, health, safety, security and environmental procedures and controls across the Department to guarantee employee safety and delivery of high-quality services.
Reporting
- Ensure that all departmental reports are prepared in a timely and accurate manner and meet Dubai requirements, policies and quality standards.
Others
- Other tasks relevant to the job purpose, as and when required.
Minimum Qualification
- Bachelor's degree in Information Security, Cybersecurity, Computer Engineering, Computer Science, or a related discipline.
- Master's degree in Information Security, Cybersecurity, Risk Management, or a related field is preferred.
- Professional information security certifications such as CISM, CISSP, or equivalent are preferred.
Minimum Experience and Skills
- 6-8 years of progressive experience in Information Security, with a minimum of 4 years in a managerial or supervisory role.
- Strong working knowledge of ISO/IEC 27001 Information Security Management Systems (ISMS).
- Strong and practical knowledge of information security principles, frameworks, standards, and procedures.
- Demonstrated experience in managing information security programs, audits, and risk management activities.
- Strong project management skills with the ability to plan, execute, and deliver security initiatives within agreed timelines and budgets.
- In-depth knowledge of information security domains and the ability to remain current with evolving threats, technologies, and best practices.
- Strong knowledge of Dubai Government security standards and regulatory requirements, including DESC frameworks and guidelines.
- Proven analytical, communication, and stakeholder management skills, with the ability to engage effectively with senior management and external partners.
Competencies:
- Information Security Policy & Planning
- Information Security Risk Management
- Cybersecurity Incident Management
- ISO/IEC 27001 & Regulatory Compliance (DESC)
- Information Security Audit & Assurance
- Network & Infrastructure Security
- Third-Party & Asset Security Management
- Security Governance & Reporting