The Role:<\/p>\n
\tRegional Information Security Manager \u2013 Will be working as the MEA regional technical risk team to manage risk exposure and compliance across GCC\/Africa entities. Align with Cyber Strategy and Group CISO directives; deliver inputs to the Global Technology Risk Forum and host local technology risk forums; and integrate UAE PDPL, Dubai International Financial Centre (DIFC) Data Protection, Saudi SAMA Cybersecurity Framework, Saudi NCA Essential Cybersecurity Controls (ECC), South Africa POPIA, plus global frameworks (NIST CSF 2.0, ISO\/IEC 27001, ISO 31000, COBIT 2019, PCI DSS).
\n\tYou will work with Risk Managers at all regions and The Global Head of Technical Risk.<\/p>\n
Key duties and responsibilities:<\/p>\n
Security Engineering\u00a0<\/p>\n
\tMEA Regulatory Alignment: UAE (Federal PDPL): Govern consent\/legal bases, DPO roles, breach reporting, cross border transfer requirements; coordinate with UAE Data Office guidance.
\n\tDIFC: Apply DIFC data protection and recent amendments; manage scope across controllers\/processors and stable arrangements; ensure rights, transparency, and fines awareness.
\n\tSaudi Arabia: SAMA CSF for financial entities\u2014governance, defense, response\/recovery; maturity expectations.
\n\tNCA ECC (incl. ECC 2 updates): implement governance\/defense\/resilience\/third party\/cloud\/ICS controls; follow national reporting obligations.
\n\tSouth Africa (POPIA): Enforce lawful processing, breach notification, and data subject rights under POPIA and Information Regulator oversight.
\n\tFramework Integration: Map controls to Apex Gold Standard, NIST CSF 2.0, ISO\/IEC 27001:2022, ISO 31000, COBIT 2019; maintain PCI DSS readiness for payments.
\n\tMetrics, RCSA, & TRF: Define MEA KRIs\/KPIs; lead RCSA; drive remediation; publish Technology Risk Forum packs with clear risk narratives. Govern regional KRIs\/KPIs and ensure fit-for-purpose metrics mapped to risk appetite.
\n\tStakeholder Management & Communication: Coordinate with local regulators, business heads, and technology stakeholders; deliver concise executive-level presentations.
\n\tLead annual RCSA with ISO 31000 risk principles: close remediation actions.
\n\tMaintain compliance to NIST CSF 2.0, ISO\/IEC 27001:2022, COBIT 2019; sustain PCI DSS v4.0\/v4.0.1 for payments.
\n\tFeed clear, decision ready inputs to the Technology Risk Forum; coordinate with application\/infra\/service owners to turn metrics green.
\n\tDrive a Metric Rewrite Protocol for persistently failing metrics (RCA \u2192 redesign \u2192 pilot \u2192 cutover).
\n\tEnsure SOX 404 (where applicable) alignment for ICFR\/ITGCs, coordinate management assessment and external audit readiness.
\n\tDrive SecurityScorecard activities.
\n\tExecute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
\n\tSupport the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.<\/p>\n
Experience and Knowledge:<\/p>\n
\t10\u201315 years in Cyber risk\/ Technical Risk \/Compliance in GCC\/Africa financial institutions; practical delivery across UAE PDPL, DIFC, SAMA CSF, NCA ECC, POPIA landscapes.
\n\tExceptional communication, presentation, and articulation skills; ability to influence diverse stakeholder groups.
\n\tGood knowledge of cloud and hybrid security models (Azure, AWS, or equivalent).
\n\tIndustry certifications advantageous (e.g., CISM\/ CRISC, ISO 27001 Lead Auditor; cloud security certs.).
\n\tFamiliarity with frameworks such as ISO 27001, SOC 2, and NIST, MEA, PDPL,DIFC, NCA ECC, SAMA CSF, POPIA etc.
\n\tExperience with IAM\/PAM concepts and platforms (CyberArk, SailPoint, etc.) is beneficial but not required.
\n\tStrong analytical and problem\u2011solving skills with a methodical approach to security engineering.
\n\tAbility to communicate technical concepts clearly to both technical and non\u2011technical audiences.
\n\tHighly organized, with the ability to manage multiple tasks in a fast\u2011paced global environment.
\n\tPassion for continuous learning, upskilling, and improving security capabilities.<\/p>\n
What you will get in return:<\/p>\n
\tHigh visibility within a fast\u2011growing global organization.
\n\tOpportunity to work with a diverse and international team of security professionals.
\n\tExposure to leading security technologies across multiple environments and jurisdictions.
\n\tA role where your contributions directly improve the organization\u2019s security maturity.
\n\tProfessional development opportunities, including certifications and hands\u2011on learning.
\n\tA positive, supportive, and collaborative work environment.
\n\tA unique opportunity to grow within one of the world\u2019s leading independent fund administrators.
\n\t\u00a0<\/p>\n
go to method of application \u00bb<\/p>\n
Apply via company website ( https:\/\/www.apexgroup.com\/ ) or<\/p>\n
<\/p>\n","protected":false},"author":2,"featured_media":0,"template":"","meta":{"_promoted":"","_job_location":"","_application":"","_company_name":"Apex Group","_company_website":"https:\/\/www.apexgroup.com\/","_company_tagline":"Apex Group Ltd., established in Bermuda in 2003, is a global financial services provider. With 85 offices in 42 countries worldwide and 10,000 employees upon the close of announced acquisitions, Apex delivers an extensive range of services to asset managers, capital markets, private clients and f... read moreamily offices. The Group has continually improved and evolved its capabilities to offer a single-source solution through establishing the broadest range of services in the industry; including fund services, digital onboarding and bank accounts, depositary, custody and super ManCo services, business services including HR and Payroll and a pioneering ESG Ratings and Advisory service for private companies. 20 Reid Street, 3rd Floor, Williams House, Hamilton, P.O. Box 2460 HMJX HM12, BM","_company_twitter":"","_company_video":"","_filled":0,"_featured":0,"_remote_position":0,"_job_salary":"","_job_salary_currency":"","_job_salary_unit":""},"job_listing_region":[15],"job-types":[12],"class_list":{"0":"post-34081","1":"job_listing","2":"type-job_listing","3":"status-publish","4":"hentry","5":"job_listing_region-western-cape","7":"job-type-full-time"},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-listings\/34081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-listings"}],"about":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/types\/job_listing"}],"author":[{"embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/users\/2"}],"wp:attachment":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/media?parent=34081"}],"wp:term":[{"taxonomy":"job_listing_region","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job_listing_region?post=34081"},{"taxonomy":"job_listing_type","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-types?post=34081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}