Manager, Governance Risk and Compliance

Etihad Airways

Abu Dhabi

On-site

AED 80,000 - 120,000

Full time

8 days ago

Job summary

An established industry player is seeking a subject matter expert in Governance, Risk, and Compliance (GRC) within the cybersecurity domain. This role involves managing security risk processes, compliance assessments, and audits, ensuring that IT security risks are effectively managed. With a focus on industry regulations and data privacy, you will enhance the efficiency of the IT security compliance program and oversee vulnerability detection efforts. Join a forward-thinking company that values innovation and excellence in service delivery, and contribute to shaping the future of aviation security.

Qualifications

  • 7-12 years of experience in Cybersecurity focusing on GRC.
  • Knowledge of industry standards related to Information Security and risk management.

Responsibilities

  • Manage the execution of the security governance, risk, and compliance program.
  • Develop and revise information security policies aligned with best practices.

Skills

Cybersecurity
Governance, Risk and Compliance (GRC)
Information Security Policies
Vulnerability Assessment
Communication Skills

Education

Graduate degree in Computer Science
Certifications such as CISSP, GIAC, CISM, CRISC

Tools

GRC Tools
Vulnerability Assessment Tools

Job description

Synopsis

As part of the Governance, Risk and Compliance team, this role is the Etihad subject matter expert responsible for managing the execution of the security risk management process, procedures, and guidelines—identifying, assessing, and controlling risks. They will also manage compliance assessments and preparation activities for audits and certification audits against various standards, tracking and reporting compliance implementation. This role involves cooperation with corporate compliance functions to harmonize security law enforcement activities, conducting IT compliance research, and analyzing requirement applicability.

Accountabilities

  1. Proactively seek opportunities to improve the efficiency and effectiveness of the IT security compliance program.
  2. Act as a communication channel to IT to receive and direct compliance issues for investigation and resolution.
  3. Develop, review, and revise information security policies and supporting standards aligned with industry best practices and regulations.
  4. Facilitate the development of remediation plans and ensure timely resolution of identified gaps.
  5. Manage the execution of the security governance, risk, and compliance program, focusing on industry regulations, data privacy, and internal policies.
  6. Manage enterprise tools supporting GRC activities and support service providers in delivering contractual security requirements.
  7. Identify and evaluate IT security risk factors, ensuring adequate controls to mitigate risks and meet compliance requirements.
  8. Demonstrate knowledge of regulatory requirements such as NESA, ISO 27001, PCI DSS, GDPR, etc.
  9. Provide assurance that IT security risks are effectively managed during deployment of new or enhanced systems and processes.
  10. Serve as the key contact for internal and external audits related to IT security.
  11. Manage security awareness content development and conduct training and simulation exercises.
  12. Oversee vulnerability detection and remediation programs, prioritizing vulnerabilities and creating reports and dashboards.

Education & Experience

  • Knowledge of industry standards related to Information Security, risk management, and data privacy.
  • Experience with GRC tools and vulnerability assessment/penetration testing tools.
  • Understanding of regulations pertaining to Aviation, Information Security, and data privacy.
  • Ability to manage security projects and teams effectively.
  • Excellent communication skills.
  • 7-12 years of experience in Cybersecurity with a focus on GRC.
  • Graduate degree in Computer Science, MIS, or equivalent experience.
  • Certifications such as CISSP, GIAC, CISM, CRISC, or equivalent.

About Etihad Airways

Etihad Airways, the UAE's national airline, was established in 2003 and has become a leading global airline. Based in Abu Dhabi, it operates flights to numerous destinations worldwide, with a network expanded through codeshare partnerships. Recognized for superior service, Etihad aims to double its fleet and triple its customer base by 2030 as part of its Journey 2030 strategy.

To learn more, visit etihad.com

Recruitment Fraud Alert

Beware of fraudulent job offers claiming to represent Etihad. We will never request personal information, bank details, or payments during recruitment. All interviews are conducted face-to-face or via secure video/telephone before any offer. If asked for money, treat it as fraudulent.
