  • Posted: Apr 16, 2026
    Deadline: Not specified
  • Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services.

    Regional Information Security Manager – Middle East and Africa

    The Role:

    • Regional Information Security Manager: you will work as the MEA regional technical risk team, managing risk exposure and compliance across GCC/Africa entities. You will align with the Cyber Strategy and Group CISO directives; deliver inputs to the Global Technology Risk Forum and host local technology risk forums; and integrate UAE PDPL, Dubai International Financial Centre (DIFC) Data Protection, Saudi SAMA Cybersecurity Framework, Saudi NCA Essential Cybersecurity Controls (ECC), South Africa POPIA, plus global frameworks (NIST CSF 2.0, ISO/IEC 27001, ISO 31000, COBIT 2019, PCI DSS).
    • You will work with Risk Managers in all regions and the Global Head of Technical Risk.

    Key duties and responsibilities:

    Security Engineering 

    • MEA Regulatory Alignment: UAE (Federal PDPL): Govern consent/legal bases, DPO roles, breach reporting, cross-border transfer requirements; coordinate with UAE Data Office guidance.
    • DIFC: Apply DIFC data protection and recent amendments; manage scope across controllers/processors and stable arrangements; ensure rights, transparency, and fines awareness.
    • Saudi Arabia: SAMA CSF for financial entities—governance, defense, response/recovery; maturity expectations.
    • NCA ECC (incl. ECC 2 updates): implement governance/defense/resilience/third-party/cloud/ICS controls; follow national reporting obligations.
    • South Africa (POPIA): Enforce lawful processing, breach notification, and data subject rights under POPIA and Information Regulator oversight.
    • Framework Integration: Map controls to Apex Gold Standard, NIST CSF 2.0, ISO/IEC 27001:2022, ISO 31000, COBIT 2019; maintain PCI DSS readiness for payments.
    • Metrics, RCSA, & TRF: Define MEA KRIs/KPIs; lead RCSA; drive remediation; publish Technology Risk Forum packs with clear risk narratives. Govern regional KRIs/KPIs and ensure fit-for-purpose metrics mapped to risk appetite.
    • Stakeholder Management & Communication: Coordinate with local regulators, business heads, and technology stakeholders; deliver concise executive-level presentations.
    • Lead annual RCSA with ISO 31000 risk principles; close remediation actions.
    • Maintain compliance to NIST CSF 2.0, ISO/IEC 27001:2022, COBIT 2019; sustain PCI DSS v4.0/v4.0.1 for payments.
    • Feed clear, decision-ready inputs to the Technology Risk Forum; coordinate with application/infra/service owners to turn metrics green.
    • Drive a Metric Rewrite Protocol for persistently failing metrics (RCA → redesign → pilot → cutover).
    • Ensure SOX 404 (where applicable) alignment for ICFR/ITGCs, coordinate management assessment and external audit readiness.
    • Drive SecurityScorecard activities.
    • Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
    • Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

    Experience and Knowledge:

    • 10–15 years in Cyber Risk / Technical Risk / Compliance in GCC/Africa financial institutions; practical delivery across UAE PDPL, DIFC, SAMA CSF, NCA ECC, POPIA landscapes.
    • Exceptional communication, presentation, and articulation skills; ability to influence diverse stakeholder groups.
    • Good knowledge of cloud and hybrid security models (Azure, AWS, or equivalent).
    • Industry certifications advantageous (e.g., CISM/CRISC, ISO 27001 Lead Auditor; cloud security certs).
    • Familiarity with frameworks such as ISO 27001, SOC 2, NIST, MEA, PDPL, DIFC, NCA ECC, SAMA CSF, POPIA, etc.
    • Experience with IAM/PAM concepts and platforms (CyberArk, SailPoint, etc.) is beneficial but not required.
    • Strong analytical and problem‑solving skills with a methodical approach to security engineering.
    • Ability to communicate technical concepts clearly to both technical and non‑technical audiences.
    • Highly organized, with the ability to manage multiple tasks in a fast‑paced global environment.
    • Passion for continuous learning, upskilling, and improving security capabilities.

    What you will get in return:

    • High visibility within a fast‑growing global organization.
    • Opportunity to work with a diverse and international team of security professionals.
    • Exposure to leading security technologies across multiple environments and jurisdictions.
    • A role where your contributions directly improve the organization’s security maturity.
    • Professional development opportunities, including certifications and hands‑on learning.
    • A positive, supportive, and collaborative work environment.
    • A unique opportunity to grow within one of the world’s leading independent fund administrators.
       


    Method of Application

    Interested and qualified? Go to Apex Group on theapexgroup.wd3.myworkdayjobs.com to apply
