Director of Information Security - GRC (Governance, Risk & Compliance)
INSPIRE | EXHILARATE | DELIGHT
For over seven decades, Chalhoub Group has been a partner and creator of luxury experiences in the Middle East. In its pursuit to excel as a hybrid luxury retailer, the Group has curated a portfolio of over 10 owned brands and strengthened its distribution and marketing expertise for over 400 international names across luxury fashion, beauty, jewellery, watches, eyewear, and art de vivre categories.
Every step at Chalhoub Group is taken to build a future where luxury dreams become reality — bridging cultures and crafting memorable experiences for our consumers. Be it by constantly reinventing itself, committing to innovation, or embracing new technologies, the Group is shaping the future of luxury retail. It delivers seamless omnichannel experiences across more than 950 stores, online platforms, and mobile apps. Driving this innovation journey is The Greenhouse — the Group’s innovation hub, incubator, and accelerator for startups and emerging businesses, regionally and globally.
Chalhoub Group fosters a people-at-heart culture rooted in diversity, equity, and inclusion, and a workplace catalysed by forward thinking and future-proofing. Today, it brings together over 16,000 talented professionals across eight countries in the Middle East, with a presence in LATAM. Their collective efforts have earned the Group the Great Place to Work® certification in several markets.
Sustainability is at the core of the Group’s strategy, guided by a clear commitment to people, partners, and the planet. Chalhoub Group is proud to be a member of the United Nations Global Compact, a signatory of the Women’s Empowerment Principles, and to have pledged to reach Net Zero by 2040.
What You'll Be Doing
The Director of Information Security - GRC is a senior leadership role responsible for governing and institutionalizing cybersecurity risk, regulatory compliance, and control frameworks across Chalhoub Group’s global operations. This role leads the design, implementation, and continuous enhancement of enterprise-wide GRC programs, enabling risk-informed decision-making, regulatory confidence, and security accountability across all business units.
As a key member of the Group’s cybersecurity leadership team, this position partners with Legal, Internal Audit, Data Privacy, Procurement, HR, Retail Operations, and Technology to operationalize trust, embed policies, and ensure adherence to global and regional standards.
Key Responsibilities
GRC Strategy & Operating Model - Design and execute the Group’s Information Security GRC strategy, aligned with corporate risk management, technology transformation, and global expansion. Define the operating model, team structure, and KPIs to ensure scalable, repeatable, and effective governance practices.
Governance & Policy Management - Develop, maintain, and socialize Group-wide security policies, standards, and procedures in alignment with ISO 27001, NIST CSF, COBIT, and business objectives. Lead cross-functional governance forums and ensure policy integration with HR, Legal, and IT service management.
Risk Management & Control Frameworks - Own the Information Security Risk Management Framework (ISRMF), including identification, assessment, prioritization, treatment, and monitoring of security risks. Implement risk quantification models and dashboards (e.g., FAIR, GRC platforms). Embed risk management into project governance, third-party onboarding, and change management.
Regulatory Compliance & Audit Readiness - Ensure compliance with global and regional security and privacy regulations, including UAE PDPL, KSA PDPL, EU GDPR, PCI-DSS, and ISO 27001/22301. Lead internal and external audits, including Group ISO certification efforts, customer security reviews, and regulatory inspections. Maintain the audit evidence repository and collaborate with Internal Audit and Legal on the closure of issues and recommendations.
Third-Party Risk Management - Own the end-to-end Third-Party Cybersecurity Risk Management (TPCRM) program. Define onboarding requirements, due diligence controls, contract clauses, and periodic reassessments. Collaborate with Procurement and Legal to ensure security risks are addressed throughout the partner lifecycle.
Awareness & Training - Lead cybersecurity awareness and compliance education programs across the Group, including campaigns, simulated phishing, and executive training. Customize programs for different roles, departments, and markets to increase engagement and accountability.
GRC Technology & Automation - Manage the Group’s GRC platform. Integrate GRC systems with ITSM, Risk Registers, and Incident Management platforms. Continuously improve metrics, dashboards, and workflow automation for GRC lifecycle efficiency.
What You’ll Need To Succeed
Bachelor’s or Master’s degree in Cybersecurity, Information Assurance, Law, Risk Management, or a related field.
Relevant certifications strongly preferred: CISM, CRISC, CGEIT, CISSP, ISO 27001 Lead Auditor, ITIL, or equivalent.
12+ years of progressive experience in cybersecurity or technology risk, with 5+ years in a senior GRC leadership role in a global enterprise or regional conglomerate.
Strong understanding of Middle East regulatory requirements and global data protection laws.
Proven track record managing multi-audit environments, cross-border compliance, and stakeholder engagement at C-level.
What We Can Offer You
With us, you will turn your aspirations into reality. We will help shape your journey through enriching experiences, learning and development opportunities and exposure to different assignments within your role or through internal mobility. Our Group offers diverse career paths for those who are extraordinary, every day.
We recognise the value that you bring, and we strive to provide a competitive benefits package which includes health care, child education contribution, remote and flexible working policies as well as exclusive employee discounts.
We Invite All Applicants to Apply
It takes diversity of thought, culture, background, differing abilities and perspectives to truly Inspire, Exhilarate and Delight our customers. At Chalhoub Group, we are committed to inclusion and diversity.
We welcome all applicants to apply and be part of our exciting future. We ensure equal opportunity for all our applicants without regard to gender, age, race, religion, national origin or disability status.
Dubai
DIVERSITY
With our people at heart, we believe in building a diverse work environment that nurtures and celebrates people’s differences, offers equal opportunities to all and ensures that our team members have a sense of belonging.