Senior Cyber GRC Manager at Careem

Careem is looking for a Senior GRC Manager who will work with the Engineering and other technical teams and business stakeholders across the global organization to execute the Information Security, Governance, Risk, and Compliance strategy, extending processes as necessary to help business partners identify information security risks and manage risks to an acceptable level.

Roles and Responsibilities:

• Support the influence and socialization of Information Security controls, standards, policies, procedures, and communications across the organization.
• Define and support the development of Information Security strategy within Careem.
• Drive the implementation of overall Information Security and GRC strategy.
• Communicate Information Security requirements to leadership to gather support and sponsorship for information security projects.
• Lead a team of experienced GRC Analysts and support their activities and professional development.
• Lead and support wider teams in defining plans for programs and projects and become a quality gate for all deliverables within the GRC department.
• Collaborate with DevOps and DevSecOps teams: Foster collaboration and understanding between GRC and DevOps teams, promoting a "security as code" mentality throughout the software development lifecycle (SDLC), embed GRC controls within the DevOps pipeline, automating compliance checks and risk assessments.
• Be a Cloud Security Champion: Deep dive into cloud security best practices and ensure cloud deployments adhere to strict security standards and compliance regulations, including IAM, Encryption and Key Management, Logging and Monitoring, and attack surface management.
• Support and Lead External Audit Activities: Prepare for and actively participate in external audits, ensuring all necessary documentation and evidence is readily available.
• Support external due diligence by collecting and archiving the needed security artifacts.
• Lead and work with the GRC analysts and advise process owners globally on Information Security controls needed for the mitigation of risks in accordance with the Information Security Process, Risk & Controls framework, and compliance with regulatory requirements and industry standards as appropriate.
• Act as a guiding force in brainstorming sessions with GRC analysts and support teams in making key program decisions.
• Reviewing and aligning deliverables from GRC analysts to ensure that they are aligned with management expectations.
• Ensure adequate information security contractual protections are included in third party vendor contracts by working with the Procurement, Compliance and the Legal teams.
• Support the coordination of Information Security awareness and training efforts across the global business units and subsidiaries.

Skills Required

• A degree in Computer Science, Computer Engineering or Electrical Engineering or obtained relevant security certifications.
• Certification preferred e.g., CISSP, CISM, CISA, CCSP, AWS Security Speciality.
• 10+ years of experience in Information Security Governance, Risk and Compliance.
• 5+ years of experience in managing multiple security-related projects simultaneously.
• Excellent understanding of regulatory and industry standards, including NIST Cybersecurity Framework (CSF), Payment Card Industry Data Security Standard (PCI DSS), ISO27001 framework and Cloud Security Alliance CSM.
• Proven experience in Security Management, Audit, Governance & Risk Management.
• Excellent understanding of Information Security risk registers to ensure that all Information Security risks are accurately represented and actively managed.
• Solid knowledge of cloud security principles and their implementation, especially on AWS.
• Good understanding of virtualization, containerization, and SDN.
• Solid knowledge of SDLC, CI/CD, and DevSecOps and how GRC can be integrated at every phase.
• Ability to lead and perform third-party risk assessments and manage the risk resulting from the supply chain.
• Proven understanding of how to create comprehensive and various levels of Information Security metrics and reporting (reporting and slide decks) for leadership.
• Solid technical and conceptual knowledge and experience of cyber security across a wide range of infrastructures and application systems.
• Experience in creating detailed Information Security policies and standards.
• Experience in working with multiple stakeholders in a variety of functions at multiple levels, including executive management.
• Experience in leading teams of GRC analysts.
• Excellent verbal & written communication skills.
• Proven stakeholder management skills.
• Excellent leadership and mentorship skills.