Information Security Compliance Officer
Abu Dhabi, United Arab Emirates
Job Description
- Responsible for the planning, development and implementation of cybersecurity policies, procedures, standards, and controls. Leads day-to-day compliance audits/assessments, governance, and risk management functions to ensure the protection of corporate information systems, networks, and data.
Responsibilities
- Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
- Develop an annual compliance plan to ensure adequate auditing of compliance to cyber security policies and guidelines.
- Develop and maintain detailed compliance monitoring mechanisms and frameworks.
- Execute periodic and ad-hoc compliance checks and cyber risk assessments to ensure that cyber security controls and measures are adherent to the mandated cyber security policies and guidelines.
- Develop policy compliance reports including required corrective actions and recommendations.
- Conduct cyber security risk assessments based on current state of adherence to policies and rate of adoption of security controls and mechanisms.
- Provide remedial actions against non-compliance and collaborate to develop plans to reach a state of compliance.
- Follow up on the implementation status of defined corrective actions to adhere to policies.
- Organize policies, standards training, and awareness based on the periodic release of updated regulations or compliance mechanisms as required.
- Assess the effectiveness of security controls.
- Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
- Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres).
- Ensure compliance with regulatory requirements across the emirates such as ADHICS, Riyathi.
- Ensure compliance with the standards such as ISO 27001, SOC 2 & PCI DSS.
- Perform access review of the systems such as VPN, Removable Media, Audit logs, Admin access, Antivirus, PAM Access.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization’s mission and goals.
- Manage Information Security Business Continuity Plans.
- Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
- Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
- Ensure the security of bio-medical equipment.
- Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
- Ensure that information security requirements are included in project management and that data is protected during the project management lifecycle.
- Develop the strategy, goals, and objectives for the cyber security training, and awareness program.
- Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
- Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.
Qualifications
- Bachelor’s degree in computer science/engineering, information security, software engineering, systems engineering, Electronics & Communication Engineering, or information systems.
- Lead Auditor/Implementer ISO 27001
- Lead Auditor/Implementer ISO 22301
- Certified Information Security Manager (CISM)
- Certified Information Security Auditor (CISA)
- Certified Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- GRC Professional (GRCP)
- Certified Governance of Enterprise IT (CGEIT)
Job Info
- Job Identification 6909
- Job Category Administration
- Posting Date 03/07/2025, 10:51 AM
- Apply Before 04/21/2025, 10:51 AM
- Job Schedule Full time
- Locations NMC - Corporate, Alain Tower, Abu Dhabi, AE