Information Security Compliance Officer

NMC Royal Khalifa City • Full-time • أبو ظبي, AE • 2w ago

Job Description

Responsible for the planning, development and implementation of cybersecurity policies, procedures, standards, and controls. Leads day to day compliance audits/assessments, governance, and risk management functions to ensure the protection of corporate information systems, networks, and data.

Responsibilities

Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
Develop an annual compliance plan to ensure adequate auditing of compliance to cyber security policies and guidelines.
Develop and maintain detailed compliance monitoring mechanisms and frameworks.
Execute periodic and ad-hoc compliance checks and cyber risk assessments to ensure that cyber security controls and measures are adherent to the mandated cyber security policies and guidelines.
Develop policy compliance reports including required corrective actions and recommendations.
Conduct cyber security risk assessments based on current state of adherence to policies and rate of adoption of security controls and mechanisms.
Provide remedial actions against non-compliance and collaborate to develop plans to reach a state of compliance.
Follow up on the implementation status of defined corrective actions to adhere to policies.
Organize policies, standards training, and awareness based the on periodic release of updated regulations or compliance mechanisms as required.
Assess the effectiveness of security controls.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres).
Ensure compliance with regulatory requirements across the emirates such as ADHICS, Riyathi.
Ensure compliance with the standards such as ISO 27001, SOC 2 & PCI DSS.
Perform access review of the systems such as VPN, Removable Media, Audit logs, Admin access, Antivirus, PAM Access.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization’s mission and goals.
Manage Information Security Business Continuity Plans.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Ensure the security of bio-medical equipment’s.
Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
Ensure including information security requirements in project management and ensure the protection of data during the project management lifecycle.
Develop the strategy, goals, and objectives for the cyber security training, and awareness program.
Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.

Qualifications

Bachelor’s degree in computer science/engineering, information security, software engineering, systems engineering, Electronics & Communication Engineering, or information systems.
Lead Auditor/Implementer ISO 27001
Lead Auditor/Implementer ISO 22301
Certified Information Security Manger (CISM)
Certified Information Security Auditor (CISA)
Certified Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
GRC Professional (GRCP)
Certified Governance of Enterprise IT (CGEIT)

Related Jobs

Senior Manager IT

Etihad • Full-time • أبو ظبي, AE • 11h ago

11h ago

Head of Risk and Compliance

ClearGrid • Full-time • أبو ظبي, AE • 19h ago

19h ago

Director, Technology

Hyde Johannesburg Rosebank • Full-time • أبو ظبي, AE • 20h ago

20h ago

Senior Manager, Tech Ops

Momentum • Full-time • أبو ظبي, AE • 1d ago

1d ago

IT Audit Manager

Wio Bank • Full-time • أبو ظبي, AE • 1d ago

1d ago

Senior Network Security Engineer

Alpha Data • Full-time • أبو ظبي, AE • 1d ago

1d ago

Network Security Engineer

Al Etihad Payments • Full-time • أبو ظبي, AE • 2d ago

2d ago

Senior Auditor, IT (Digital Infrastructure)

ADNOC Group • Full-time • أبو ظبي, AE • 3d ago

3d ago

Senior Cybersecurity Engineer-Air Traffic Management (Abu Dhabi, UAE)-28 Months

SEGULA Technologies • Contract • أبو ظبي, AE • 3d ago

3d ago

L2 Support Engineer – Retail Bank

TAT IT Technolgies • Contract • أبو ظبي, AE • AED 12k - AED 15k / month • 3d ago

3d ago