Manager Cybersecurity Resilience - Risk The Emirates Group

Join our CyberSecurity team where we ensure a world-class CyberSecurity organisation based on the key principles of People, Process and Technology underpinned with executive endorsement of a multi-year strategy to continuously improve and develop. The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations. If you are passionate about CyberSecurity, we invite you to apply to play a crucial role in shaping the future of our technology initiatives at the Emirates Group.

As Manager Cyber Security Resilience Risk, you will lead the Group s cyber security risk posture by driving the implementation of the Cyber Security Risk Management Framework across Emirates Group globally, ensuring alignment with governance, regulatory, and industry standards. You will oversee risk through cyber risk scorecards covering technology, human, insider, and third-party risks, while partnering with business and IT stakeholders to embed a risk-based approach, provide advisory, and strengthen overall cyber resilience across the organisation.

In this role, you will:

• Oversee the group s cyber security risk posture and proactively drive remediation. Own a cybersecurity risk dashboard and a security business scorecard in line with risk appetite.
• Own third-party cybersecurity oversight for risk, oversee third parties compliance with Emirates Group policies, and own an inventory of third parties accessing our IT estate.
• Accountable for driving the group s cross-functional, risk-based cybersecurity approach, catering to differing risk appetites across our businesses.
• Own strategy and governance for Enterprise Cyber Security Risk and its integration into peer functions, such as Enterprise Architecture.
• Oversee, drive, and lead risk mitigation activities in collaboration with other cybersecurity resilience functions, cybersecurity defence, and the respective business stakeholders.
• Lead the global cybersecurity behaviour change programme, also known as cybersecurity awareness. Drive and develop strategies, and orchestrate awareness campaigns and data-driven (targeted) training interventions to educate Group company employees and support the first line of defence cyber security objective of educating and changing behaviour.
• Establish an insider risk program in close collaboration with HR and internal audit functions. Establish oversight by identifying and mitigating risks posed by individuals within the organisation.
• Drive industry best practice research for cybersecurity risk in alignment with other risk functions in the group, such as group safety and internal audit.

Knowledge and Skills:

• Strong stakeholder management
• Experience in third-party vendor management, ideally in cyber risk
• Strong risk management and thought leadership capability
• Experience managing risk within complex technology environments
• Thought leadership in human risk and behaviour change
• Strong understanding of metrics, including KPIs and OKRs
• Knowledge of security frameworks such as ISO 27001, NIST, CIS Controls, and others

Leadership Role: Yes