Information Security GRC Specialist

Dubai, United Arab Emirates

Company Description

This is B&S

B&S exists to make premium consumer goods available to everyone, anywhere. We believe that getting access to consumer products that bring joy and comfort into everyday lives should be easy around the globe.

Are you curious about who we are as an employer and our thoughts on diversity and inclusion? Click here to find more information!

Job Description

This is you

You will ensure the secure operation of the B&S information assets in accordance with our internal processes, procedures, and compliance requirements as per the relevant ISO standards, regulatory frameworks applicable to B&S and industry best practices. The role will also oversee IT risk assessments, propose risk remediations, and perform vulnerability assessments and penetration testing.

Key Responsibilities

IT Governance

  • Oversee and improve the information security programs including data governance, risk management, compliance and information security testing
  • Review all new products, systems, or processes to ensure compliance against required standards, frameworks and best practices

IT Risk Management

  • Spearhead the implementation of the IT risk management function of the information security program to ensure IT risks are identified and monitored
  • Assist in implementing security controls that align with regulatory requirements
  • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for B&S’ information systems

VAPT

  • Perform information security tests and assessments on internal and external facing systems, networks and applications to identify vulnerabilities
  • Be informed of the latest cybersecurity breaches and threats and advise the business accordingly

IT Compliance and Security Awareness Training

  • Establish B&S’ information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations
  • Evaluate compliance of B&S processes, procedures, systems and applications against the requirements of ISO 27001, ISO 22301, ISO 38500, PCI-DSS, CMMC and industry best practices
  • Oversee periodic phishing simulations and security awareness training, and propose improvements

Key Deliverables

  • Deliver the annual information security and compliance team work schedule for B&S and ensure completion of the committed tasks within the agreed timeframes
  • Maintain and monitor individual and team KPIs
  • Conduct information security tests and assessments as per the annual test schedule and business requirements
  • Develop test reports and share with relevant business stakeholders
  • Oversee the IT risk assessments, maintenance of risk registers, and ongoing monitoring and maintenance of the same
  • Improve B&S’ cyber security culture by helping to disseminate training content to all staff through training videos, quizzes, posters and phishing simulations
  • Collaborate in reviewing, developing and updating information security policies and procedures based on regulatory requirements, environmental and operational conditions and changes in technology

Qualifications

Requirements for the role

  • Master’s degree in IT/Computer Science/Cybersecurity or CISSP or equivalent
  • 6-8 years of experience in Cybersecurity and/or IT governance, risk management and compliance
  • Information security related training or certifications such as CEH, ISO 27001, CRISC, etc.
  • Knowledge of information security risk management frameworks and compliance practices
  • Understanding of common security standards and regulations (e.g., ISO 27001, ISO 22301, PCI-DSS, CMMC, etc.)
  • Understand OWASP top 10 and SANS top 25 vulnerabilities
  • Familiarity with security assessment tools such as Burp Suite, Nmap, Wireshark, OpenVAS or similar would be an added advantage
  • Sound understanding of securing network technologies, client, and server operating systems
  • Ability to develop security standards, standard operating procedures and guidelines based on best practices and industry standards
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience
  • Ability to work independently and collaboratively with peers and cross functional teams

Additional Information

We offer you

  • A good salary fitting with your experience, plus a discretionary yearly performance-based bonus
  • A good working atmosphere in a young and ambitious team
  • Company-sponsored visa along with health insurance
  • Leave benefits as per UAE labour law
  • Annual air ticket to your home country

Why join us?
This is an excellent opportunity to gain hands-on experience in Information Security Governance, Risk, and Compliance (GRC) within a dynamic business environment. You will work closely with our Information Security and Compliance teams, contributing to ensuring robust security controls and supporting strategic initiatives to protect our organization’s assets. This role will offer valuable exposure to managing risks, implementing security policies, and driving compliance across the business, giving you a chance to grow in the ever-evolving cybersecurity field.

Where will you be working?
You will be working in our Dubai office, where you will benefit from the guidance and support of our diverse team of experts. Alongside your responsibilities, you will have the opportunity to immerse yourself in a collaborative and innovative culture that emphasizes teamwork, integrity, and a commitment to maintaining the highest standards of information security.

Category: Compliance Jobs

Tags: Burp Suite CEH CISSP CMMC Compliance Computer Science CRISC Governance ISO 22301 ISO 27001 KPIs Monitoring Nmap OWASP Pentesting Risk assessment Risk management SANS Security assessment Vulnerabilities

Perks/benefits: Health care Salary bonus Startup environment

Region: Middle East
