Director of Information Security - GRC (Governance, Risk & Compliance)

Dubai, United Arab Emirates
Posted: 02 Apr 2026

Financial

  • Estimate: $120k - $180k*
  • Zero income tax location

Accessibility

  • Hybrid
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

About the Job:
INSPIRE | EXHILARATE | DELIGHT
For over seven decades, the company has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the company has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories. Every step at the company is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers.
The company fosters a people-at-heart culture rooted in diversity, equity, and inclusion. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a commitment to sustainability, guided by a clear commitment to people, partners, and the planet.

Key Responsibilities:

  • GRC Strategy & Operating Model: Design and execute the company’s Information Security GRC strategy and define the operating model, team structure, and KPIs.
  • Governance & Policy Management: Develop and maintain company-wide security policies, standards, and procedures. Lead cross-functional governance forums.
  • Risk Management & Control Frameworks: Own the Information Security Risk Management Framework (ISRMF) and embed risk management into various processes.
  • Regulatory Compliance & Audit Readiness: Ensure compliance with global and regional security and privacy regulations. Lead audits and maintain an audit evidence repository.
  • Third-Party Risk Management: Own the end-to-end Third-Party Cybersecurity Risk Management program.
  • Awareness & Training: Lead cybersecurity awareness programs across the company, including campaigns and executive training.
  • GRC Technology & Automation: Manage the company’s GRC platform and continuously improve GRC lifecycle efficiency.

What You’ll Need To Succeed:

  • Bachelor’s or Master’s degree in Cybersecurity, Information Assurance, Law, Risk Management, or a related field.
  • Relevant certifications strongly preferred: CISM, CRISC, CGEIT, CISSP, ISO 27001 Lead Auditor, ITIL, or equivalent.
  • 12+ years of progressive experience in cybersecurity or technology risk, with 5+ years in a senior GRC leadership role.
  • Strong understanding of Middle East regulatory requirements and global data protection laws.
  • Proven track record managing multi-audit environments and stakeholder engagement at C-level.

What We Can Offer You:
The company recognizes the value you bring and strives to provide a competitive benefits package, including health care, child education contributions, remote and flexible working policies, and exclusive employee discounts.

Inclusivity Statement:
The company welcomes all applicants to apply and be part of an exciting future, ensuring equal opportunity for all without regard to gender, age, race, religion, national origin, or disability status.
