Information Governance Manager

Job Description

GlobeMed Group, the largest Healthcare Benefits Management company in the MENA region is looking for an Information Governance Manager who will be accountable for the creation, implementation, and oversight of strategies and programs designed to reduce and mitigate information security risk across GlobeMed to a level tolerable to the organization. The role will establish and lead an enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.

Main Duties:

1. Provide direction on information security to the information security staff, across the central IT division, and enterprise-wide.
2. Lead programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.
3. Ensure that clear and timely business advice is provided to executive management on key information security and assurance issues.
4. Establish an information security and risk management functional capability and framework across the organization.
5. Ensure that information security and risk is adequately represented on relevant business and governance forums and is known, well-integrated, and addressed across the enterprise.
6. Oversee and coordinate all aspects of alignment of Information Security Management System (ISMS) with ISO 27001.
7. Create, manage, deliver to the staff, and review effective information security awareness training.
8. Ensure that all IT and information security programs are in compliance with applicable laws, regulations, and policies.
9. Collaborate with application owners to understand and address (as appropriate) the risk position around key business applications and processes to build the Business continuity Plan and Disaster Recovery Plan
10. Conduct information security risk assessments across the enterprise at suitable intervals. Ensure that key risk issues are understood, communicated, and tracked on the risk register.
11. Regularly verify that required information security and risk controls are in place, raising findings as noncompliance is found and driving improvement.
12. Ensure that internal and external audits are supported in development of an annual strategic audit plan

Qualifications

• Bachelor Degree in communication engineering, computer science or Information systems
• 12+ years of experience in security related field.
• CISSP/CISM security certification
• Ability to handle security incidents
• Knowledge and expertise of security standards, concepts, principles and processes
• Hands on experience of Security Vulnerability Tools