At Careem, we are driven by the purpose of simplifying the lives of people and building an awesome organization that inspires.
Based in Dubai, we started our journey as a pioneer of the Middle East’s ride-hailing economy. Today, Careem is the region’s everyday Super App operational in 13 countries and over 100 cities.
The Super App provides a host of daily services that people need to move around, to order things and to transfer money in one unified smartphone app.
Our goal is to simplify people’s daily lives so that they can spend their precious time and mindshare on things that really matter and on realizing their potential.
Careem is looking for a GRC Security Analyst. The candidate will work with business teams across the global organization to execute the Information Security, Governance, Risk & Compliance strategy, extending processes as necessary to help business partners identify information security risks and manage risks to an acceptable level.
Collaborate and work with the GRC manager
Support the influence and socialization of Information Security controls, standards, policies, procedures, and communications.
Collaborate and work with the GRC manageAdvises process owners globally on Information Security controls needed for the mitigation of risks in accordance with the Information Security Process, Risk & Controls framework, and compliance with regulatory requirements and industry standards
Understands how to create comprehensive and various levels of Information Security metrics and reporting for leadership.
Support the coordination of Information Security awareness and training efforts across the global business units and subsidiaries.
Core Responsibilities :
Good understanding of regulatory and industry standards, including NIST Cybersecurity Framework (CSF), Payment Card Industry Data Security Standard (PCI DSS) and ISO framework.
Ensures that adequate information security contractual protections are included in third party vendor contracts by working with the Indirect Procurement, Data Privacy and the Legal teams.
Good understanding of Information Security risk registers to ensure that all Information Security risks are accurately represented and actively managed.
Ability to help and support business areas to recognizes IT / Security Risks
2+ years of experience in Information Security Governance, Risk and Compliance
Effective analytical, negotiation, facilitation, interpersonal, and stakeholder management skills
Experience creating and updating company policies, procedures and standards.
Experience working with NIST CSF (or similar) security framework, PCI DSS and HIPAA standards in operational IT environment required
Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) very helpful
Working knowledge of compliance tools such as the Unified Compliance Framework (UCF) Common Controls Hub (CCH), and Information Risk Management tools helpful, but not required
Qualifications & Skills Required :
A degree in Computer Science, Computer Engineering or Electrical Engineering or obtained relevant security certifications
3+ years managing security-related projects
In-depth familiarity with security policies based on industry standards and best practices
Software development experience in at least 2 of these languages : (C / C++, Java, Python, Node, Rust, Go)
Experience with version control systems (Git etc), and familiarity with scripting in Bash or Python.
Experience working with AWS services
3+ years working within the information security field, with the understanding of concepts like security operations, incident management, intrusion detection, firewall deployment, and security event analysis
Ability to lead and communicate efficiently within a team environment
Advanced technical writing skills
Strong attention to detail