Risk | Information Security and Confidentiality - Senior

Egypt, Jordan, Lebanon, Saudi Arabia | Enabling Functions | Posted on 06-Nov-2023

Position Summary

Amman, Beirut, Cairo, Jeddah

Deloitte, established globally in 1845, is the world’s largest and leading professional services firm, providing audit and assurance, tax, consulting, financial advisory, and risk advisory services to public and private clients spanning multiple industries. We are present in more than 150 countries, and as the world's largest management consulting business, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.

Deloitte has a proud legacy in the Middle East region, with an uninterrupted presence since 1926, and is present across 29 offices in 15 countries. Over the last 96 years, we have served as trusted advisors for clients. Deloitte’s presence in the region has contributed to the advancement and growth of the professional services industry in the region.

We have received numerous awards in the last few years, such as Brand Finance’s strongest and most valuable "commercial services" brand in the world (2022), the Great Place to Work® and Best Workplaces™ in the UAE (2022), the Great Place to Work® and Best Workplaces™ in the KSA (2022), and "World’s Most Attractive Employers" (2022). These awards are a recognition of how Deloitte makes an impact that matters to its clients, talent, and society.

We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.

Information Security and Confidentiality Senior – Security Team | Central Risk Department 

During your tenure as a Information Security and Confidentiality Senior, you will demonstrate and develop your capabilities in the following areas:

·       Manage the Firm’s Confidentiality Program effectively, champion the roll out and provide necessary subject-matter oversight to have in place a governance mechanism, which will promote successful delivery of the program and capabilities.

·       Lead our organization’s Confidentiality Program strategy and influence the necessary cultural changes across the organization.

·       Facilitate development and sharing of leading practices amongst Chief Information Officers (CIOs) and Confidentiality champions.

·       Monitor effectiveness of overall Confidentiality Program efforts.

·       Interpret local and regional regulations, which might impact the security posture and compliance of Deloitte Middle East.

·       Maintain the Information Security Management Systems (ISMS) documentation and keep them relevant, accurate and up to date.

·       Conduct periodic risk assessments to identify threats and vulnerabilities applicable to Deloitte Middle East.

·       Perform periodic reviews against information security requirements related to data classification, clear desk policy, etc., and identify non-compliance.

·       Conduct periodic training and awareness sessions to impart key messages to Deloitte Middle East staff. Support ongoing awareness through channels such as email newsletters and brochures.

·       Review the performance of the ISMS on a periodic basis against pre-defined Key Performance Indicators (KPIs) and report status to the Chief Security Officer (CSO).

Leadership capabilities:

·       Builds own understanding of our purpose and values; explores opportunities for impact.

·       Demonstrates strong commitment to personal learning and development; acts as a brand ambassador to help attract top talent

·       Understands expectations and demonstrates personal accountability for keeping performance on track

·       Actively focuses on developing effective communication and relationship-building skills

·       Understands how their daily work contributes to the priorities of the team and the business


·       Graduate degree from a reputable University in Information Technology, Computer Science, project management specialization or related fields.

·       7+ years’ experience in information security, privacy and/or other technology-related experience.

·       Management experience in building and maintaining information security and privacy for large organizations.

·       Certified Information Security Manager (CISM) / Certified Information Systems Security Professional (CISSP).

·       ISO 27001 Lead Implementer / ISO 27701 Lead Implementer.