MANAGER CYBERSECURITY RESILIENCE - RISK

At Emirates, we believe in connecting the world, to and through, our global hub in Dubai; and in constantly innovating to ensure our customers ‘Fly Better’. Emirates Group IT thrives on the dynamic nature of technology. Being pioneers in aviation innovation, we're always at the forefront, pushing boundaries. We're on the lookout for exceptional IT professionals to fortify our position as leaders in the industry. Embark on a journey with the world’s largest international airline and become a vital part of our cutting-edge information and technology team as Manager - CyberSecurity Resilience Risk

Join our CyberSecurity team where we ensure a world-class CyberSecurity organisation based on the key principles of People, Process and Technology underpinned with executive endorsement of a multi-year strategy to continuously improve and develop. The team protects our digital assets by monitoring for threats, responding to incidents, managing vulnerabilities, and ensuring compliance with security policies and regulations. If you are passionate about CyberSecurity, we invite you to apply to play a crucial role in shaping the future of our technology initiatives at the Emirates Group.

As Manager – Cyber Security Resilience Risk, you will lead the Group’s cyber security risk posture by driving the implementation of the Cyber Security Risk Management Framework across Emirates Group globally, ensuring alignment with governance, regulatory, and industry standards. You will oversee risk through cyber risk scorecards covering technology, human, insider, and third-party risks, while partnering with business and IT stakeholders to embed a risk-based approach, provide advisory, and strengthen overall cyber resilience across the organisation.

In this role, you will:

• Oversee the group’s cyber security risk posture and proactively drive remediation. Own a cybersecurity risk dashboard and a security business scorecard in line with risk appetite.
• Own third-party cybersecurity oversight for risk, oversee third parties’ compliance with Emirates Group policies, and own an inventory of third parties accessing our IT estate.
• Accountable for driving the group’s cross-functional, risk-based cybersecurity approach, catering to differing risk appetites across our businesses.
• Own strategy and governance for “Enterprise Cyber Security Risk” and its integration into peer functions, such as Enterprise Architecture.
• Oversee, drive, and lead risk mitigation activities in collaboration with other cybersecurity resilience functions, cybersecurity defence, and the respective business stakeholders.
• Lead the global cybersecurity “behaviour change” programme, also known as cybersecurity awareness. Drive and develop strategies, and orchestrate awareness campaigns and data-driven (targeted) training interventions to educate Group company employees and support the first line of defence cyber security objective of educating and changing behaviour.
• Establish an “insider risk” program in close collaboration with HR and internal audit functions. Establish oversight by identifying and mitigating risks posed by individuals within the organisation.
• Drive industry best practice research for cybersecurity risk in alignment with other risk functions in the group, such as group safety and internal audit.

To be considered for the role, you must meet the below requirements:

• Degree or Honours (12+3 or equivalent) in Information Technology or a related field
• Preferred Master’s degree in Cybersecurity, Computer Science, Data Science, Engineering, or a related field
• Relevant professional certifications are a plus, including security frameworks such as ISO 27001, NIST, or CIS Critical Security Controls
• 10+ years of experience in cybersecurity, with a focus on governance and risk management
• 5+ years at a senior management level in IT Risk or Cybersecurity
• Hands-on experience in governance and cybersecurity risk and control frameworks
• Experience with business scorecards and metrics
• Hands-on experience in threat modelling (optional)
• Experience implementing security awareness programs

Knowledge and Skills:

• Strong stakeholder management
• Experience in third-party vendor management, ideally in cyber risk
• Strong risk management and thought leadership capability
• Experience managing risk within complex technology environments
• Thought leadership in human risk and behaviour change
• Strong understanding of metrics, including KPIs and OKRs
• Knowledge of security frameworks such as ISO 27001, NIST, CIS Controls, and others

Leadership Role: Yes

Join us in a management role and enjoy an attractive tax-free salary. On top of our generous travel benefits, including discounted flights and hotel stays around the world, this managerial role also has an excellent leave and healthcare package. That’s on top of transport benefits, life insurance and more. Find out what it’s like to live and work in our fast-paced, cosmopolitan home city in the Dubai Lifestyle section of our website www.emirates.com/careers