- Develop and execute comprehensive information security and data privacy programs in close collaboration with senior leadership and executive management
- Define and implement organization-wide security strategy aligned with business objectives and regulatory requirements
- Establish governance frameworks and oversight mechanisms to ensure continuous security program effectiveness
- Lead the development of multi-year security roadmaps and strategic initiatives
Risk Assessment & Management
- Evaluate organizational risk posture through comprehensive risk assessments and vulnerability analyses
- Provide strategic insights and recommendations for mitigating identified threats, vulnerabilities, and security gaps
- Conduct regular threat modeling exercises and scenario planning to anticipate emerging security challenges
- Develop and maintain risk registers, treatment plans, and mitigation strategies
- Implement risk quantification methodologies to support informed decision-making
Regulatory Compliance & Standards Implementation
- Implement and maintain compliance with regulatory standards including NESA (UAE IA Standards), PCI-DSS, SWIFT CSP, GDPR, CCPA, and other relevant requirements
- Design and execute regular self-assessments, compliance monitoring programs, and internal audits
- Coordinate external audits and regulatory examinations, ensuring successful outcomes
- Build comprehensive compliance frameworks for all relevant jurisdictions and regulatory bodies
- Monitor regulatory landscape for emerging requirements and proactively adapt security programs
Policy, Procedure & Standards Development
- Develop and maintain comprehensive information security and data privacy policies, procedures, and standards
- Ensure alignment with industry frameworks such as NIST, ISO 27001/27701, COBIT, and ITIL
- Create clear, actionable guidelines that balance security requirements with business needs
- Establish baseline security controls and configuration standards across technology platforms
- Review and update documentation regularly to reflect evolving threats and business requirements
Stakeholder Education & Awareness
- Guide stakeholders across the organization to understand and respond to security and privacy requirements within their functional areas
- Create comprehensive training programs for employees and executives on regulatory compliance, security best practices, and data privacy
- Develop security awareness campaigns to foster a culture of security throughout the organization
- Conduct tabletop exercises and simulations to enhance organizational preparedness
- Measure and report on training effectiveness and security awareness metrics
Vendor & Third-Party Risk Management
- Manage vendor relationships to ensure secure data storage, handling, and processing practices
- Conduct comprehensive third-party risk assessments and security due diligence reviews
- Monitor and ensure adherence to vendor security and privacy compliance within contracted service-level agreements
- Review and negotiate security requirements in vendor contracts and master service agreements
- Establish ongoing vendor monitoring programs and periodic reassessments
Data Protection & Privacy Initiatives
- Lead critical data protection initiatives including data classification, data loss prevention (DLP), and data lifecycle management
- Implement privacy-by-design principles across technology projects and business processes
- Develop and maintain data inventory and mapping documentation to support privacy compliance
- Establish data retention and disposal policies aligned with regulatory requirements
- Manage data subject rights requests and privacy incident response procedures
Security Operations & Incident Response
- Serve as a key member of the Cybersecurity Incident Response Team (CIRT) responsible for handling security incidents and data breaches
- Support incident investigations, forensic analysis, and root cause determination
- Develop and maintain incident response playbooks and procedures
- Coordinate breach notification processes and regulatory reporting requirements
- Conduct post-incident reviews and implement lessons learned
Audit, Testing & Compliance Verification
- Conduct comprehensive audits, compliance testing, gap analysis, and vulnerability assessments
- Implement remediation tracking and validation processes for identified risk findings
- Coordinate penetration testing and security assessments with internal and external teams
- Develop and maintain compliance evidence and audit readiness documentation
- Present audit results and remediation plans to senior management and audit committees
Security Architecture & Technology Controls
- Collaborate with cross-functional teams for enterprise architecture review and long-term security planning
- Evaluate and implement security technologies including SIEM, DLP, endpoint protection, and identity management solutions
- Deploy governance, risk, and compliance (GRC) tools to streamline security operations
- Provide security guidance for cloud computing initiatives and digital transformation projects
- Assess emerging technologies including blockchain and Web3 for security implications
Performance Measurement & Continuous Improvement
- Define quality metrics, key performance indicators (KPIs), and key risk indicators (KRIs) to assess program effectiveness
- Establish security dashboards and reporting mechanisms for executive visibility
- Conduct maturity assessments using industry frameworks to identify improvement opportunities
- Benchmark security posture against industry peers and best practices
- Drive continuous improvement initiatives based on metrics, trends, and stakeholder feedback
Knowledge Management & Industry Engagement
- Maintain current knowledge base of security laws, regulations, emerging threats, and industry trends
- Monitor threat intelligence sources and adapt security controls accordingly
- Participate in industry forums, working groups, and professional associations
- Contribute to the organization's security thought leadership and external engagement
- Share insights and recommendations with leadership to strengthen organizational security maturity
QUALIFICATIONS & REQUIREMENTS
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related technical field
- Master's degree in Cybersecurity, Information Security Management, or related discipline is highly preferred
Professional Certifications
- Information Security & Governance: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), or COBIT certification
- Privacy Management: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or certified as Privacy Implementer/Auditor (ISO 27701 Lead Implementer/Auditor)
- Additional Certifications (Advantageous): CGEIT, CCSP, CEH, or blockchain/Web3 security certifications
Experience
- Over 10 years of progressive experience in information security, data privacy, risk management, or related fields
- Minimum 5 years in leadership or management roles with direct team supervision
- Extensive experience in banking, financial services, or highly regulated industries
- Proven track record of implementing security frameworks and achieving regulatory compliance
- Experience managing security programs through audits, examinations, and regulatory reviews
Technical Expertise
- Security Frameworks: Expert knowledge of NIST Cybersecurity Framework, ISO 27001/27002/27701, COBIT, and other industry standards
- Regulatory Standards: Deep understanding of PCI-DSS, SWIFT CSP, NESA (UAE IA Standards), GDPR, CCPA, and relevant financial regulations
- Business Continuity: Familiarity with ISO 22301 and business continuity management principles
- Cloud Security: Knowledge of cloud computing security principles, practices, and compliance requirements (AWS, Azure, GCP)
- Security Technologies: Experience with security tools including SIEM, IDS/IPS, DLP, IAM, endpoint protection, and vulnerability management platforms
Core Competencies
- Leadership & Management: Proven ability to lead security programs, manage teams, and influence senior stakeholders
- Risk Management: Advanced skills in conducting risk assessments, impact analysis, vulnerability assessments, and defining treatment strategies
- Project Management: Strong project management capabilities including planning, budgeting, resource allocation, and stakeholder management
- Communication Skills: Exceptional ability to engage with technical teams, executive management, and business personnel across all organizational levels
- Analytical Skills: Expert analytical capabilities to connect security requirements with appropriate controls and business context
- Training & Education: Demonstrated ability to train and educate staff in information security and data privacy awareness
Manager - Information Security & Data Privacy - Dubai, United Arab Emirates - Stanley Mac
Description
POSITION OVERVIEW
The Manager - Information Security & Data Privacy is a strategic leadership role responsible for developing and executing comprehensive information security and data privacy programs that protect organizational assets, ensure regulatory compliance, and mitigate technology-related risks. This position requires a seasoned security professional who can balance technical expertise with business acumen to implement robust security frameworks adhering to international standards including UAE IA, PCI DSS, ISO 27001, GDPR, and other relevant regulations. The role serves as a critical liaison between internal teams, external vendors, and regulatory authorities while addressing risks across technology, privacy, business continuity, and data integrity.
KEY RESPONSIBILITIES
Strategic Security & Privacy Program Management
Education