Information Security Manager

About the role

ARENGY is partnering with a leading Banking & Insurance company in Dubai to hire an Information Security Manager. The role will oversee information security risk, operations and governance, ensuring the Security Operations Center (SOC) runs efficiently and security incidents are handled promptly.

Key responsibilities

• Support the Regional CSO and Senior Information Security Manager in defining the Cyber Defense Strategy.
• Define and periodically update security policies and process frameworks.
• Manage security tools such as vulnerability scanners, policy compliance solutions, source code scanners and cloud security monitoring platforms.
• Define and maintain security KPI/KRI dashboards for internal and external committees.
• Govern SOC deliverables and monitor KPI compliance.
• Mentor and guide Security Analysts during alerts and investigations.
• Ensure the SOC monitors all operations and infrastructure from a security perspective.
• Support risk management activities, especially third‑party risk assurance and assessments.
• Respect the annual budget and achieve agreed IS targets (KPIs).
• Lead implementation of complex information security and cyber‑defense projects.
• Collaborate on data loss prevention and identity & access management programmes to protect critical assets.
• Ensure compliance with legal and regulatory requirements for cyber defence and SOC.
• Work with Platform Owners, Architecture and IT Operations to embed Security‑by‑Design and Privacy‑by‑Design.
• Lead and manage cyber‑defense governance committees, guidelines and correspondents.

Required profile

• Proven experience in information security governance and risk management.
• Ability to lead and mentor SOC teams and security analysts.
• Strong project management skills, including budgeting and KPI tracking.
• Experience collaborating with IT operations, architecture and platform owners.
• Familiarity with regulatory and legal compliance in the UAE banking/insurance sector.

Required skills

• Vulnerability scanning tools
• Policy compliance platforms
• Source code scanning solutions
• Cloud security monitoring tools
• Security Operations Center (SOC) management
• Penetration testing (pentest) coordination
• Risk management and third‑party risk assessment
• Data Loss Prevention (DLP) technologies
• Identity and Access Management (IAM) solutions
• Security KPI/KRI dashboard creation