Senior Analyst - Information Security (GRC)

INSPIRE | EXHILARATE | DELIGHT

For over six decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. The Group, in its endeavour to excel as a hybrid retailer, has reinforced its distribution and marketing services with a portfolio of eight owned brands and over 300 international brands in the luxury, beauty, fashion, and art de vivre categories. More recently, the Group expanded its expertise into new categories of luxury watches, jewellery, and eyewear.

Every step at Chalhoub Group is taken with the customer at heart. Be it constantly reinventing itself or focusing on innovation to provide luxury experiences at over 750+ experiential retail stores, online and through mobile apps, each touch point leads to delighting the customer.

Today, Chalhoub Group stands for 14,000 skilled and talented professionals across seven countries, whose cohesive efforts have resulted in the Group being ranked third in the Middle East and first in Saudi Arabia as a Great Place to Work.

To keep the innovation journey going, the Group has set up “The Greenhouse”, which is not just an innovation hub, but also an incubator space and accelerator for start-ups and small businesses in the region and internationally. This is just one of the several initiatives taken by the Group to reinvent itself, catalysed by forward thinking and future-proofing. The Group has also been embedding sustainability at the core of its business strategy with a clear commitment towards people, partners and the planet, and by being a member of the United Nations Global Compact Community and signatory of the Women's Empowerment Principles.

What You'll Be Doing

• Develop, implement, and maintain information security policies, standards, and procedures.
• Ensure alignment of information security strategies with business objectives and regulatory requirements.
• Conduct regular reviews and updates of security policies to address emerging threats and changing business needs.

Risk Management:

• Identify, assess, and manage information security risks across the organization.
• Conduct risk assessments and develop risk mitigation strategies and maintain risks registers.
• Manage the Third-Party Risk Management (TPRM) process, including supplier security assessments, onboarding reviews, periodic reassessments, and maintenance of the supplier risk register.
• Monitor and report on risk management activities and the effectiveness of controls.
• Work with stakeholders to ensure that risk management processes are understood and integrated into business processes.

Compliance:

• Support implementation and ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, NIST, GDPR, CCPA).
• Coordinate and manage internal and external audits and assessments.
• Develop and manage a compliance monitoring program to ensure ongoing adherence to regulatory requirements.
• Prepare and deliver reports on compliance status and activities to senior management.

Security Awareness:

• Develop and maintain the information security training and awareness programs though our e-learning platform or in person sessions.
• Promote a culture of security awareness throughout the organization.
• Collaborate with HR and other departments to ensure that security awareness initiatives are effectively communicated.

What You’ll Need to Succeed

• Bachelor’s degree.
• Minimum of 5 years of experience in information security governance, risk, and compliance.
• Relevant certifications such as CISSP,CISM, ISO27001or CISA.
• Certifications related to Information Security risk management, such as CRISC or ISO 27005, are an asset.
• In-depth knowledge of information security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR, CCPA).
• Strong analytical and problem-solving skills. High attention to detail, with the ability to perform routine analytical tasks such as risk analysis, reviewing and updating security questionnaires, and maintaining documentation with accuracy and consistency.
• Excellent communication and interpersonal skills.
• Ability to work independently and collaboratively in a team environment.
• Project management skills and the ability to manage multiple priorities.

What We Can Offer You

With us,you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.

We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employeediscounts.

We Invite All Applicants to Apply

It Takes Diversity Of Thought, Culture, Background, Differing Abilities and Perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.

We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.