Information Security & Compliance Manager
On-site | Abu Dhabi
AppliedAI is a pioneering AI technology company headquartered in Abu Dhabi, committed to innovation and excellence in artificial intelligence solutions across regulated industries such as healthcare, insurance, government, and financial services.
We are seeking an Information Security & Compliance Manager to support our governance, risk, and compliance activities across multiple frameworks, certifications, and client requirements.
This role will manage day-to-day compliance operations, respond to customer assurance requests, and help maintain the company’s security posture as we scale.
You will work closely with Engineering, IT, Product, Legal, and People teams to ensure controls are implemented, evidence is maintained, and audits run smoothly. This role is hands-on, detail-driven, and suited to someone with a strong foundation in audit, risk, or security compliance.
Key Responsibilities:
Governance, Risk & Compliance
- Support delivery and ongoing maintenance of compliance frameworks including SOC 2 Type 3, SOC3, ISO 27001 and 42001, NIST CSF, HIPAA/HITRUST, GDPR, CSA STAR, and others as required.
- Maintain the ISMS, risk register, policies, controls, audit evidence, and compliance documentation.
- Coordinate internal and external audits, including evidence gathering, remediation tracking, and readiness assessments.
- Monitor compliance with regulatory requirements (e.g., GDPR, ADGM DP, HIPAA) and internal policy standards.
- Collaborate with Engineering, IT, and Product teams to ensure controls are embedded into operational processes and system designs.
Customer Trust & Vendor Assessments
- Manage and respond to customer security questionnaires, DDQs, vendor security assessments, and RFP security sections.
- Prepare and maintain trust documentation, security overviews, compliance packs, and attestations.
- Support enterprise customers during pre-sales and renewal cycles, ensuring consistent communication of our security posture.
Audit & Certification Management
- Coordinate continuous compliance activities for SOC 2, ISO 27001, and related certifications.
- Own audit preparation, evidence collection, corrective action plans, and audit follow-through.
- Manage relationships with auditors, external assessors, and penetration testing vendors.
- Maintain compliance tooling (Vanta and internal GRC platforms) and ensure data accuracy.
Operational Security Support
- Partner with engineering/IT on vulnerability management, access reviews, and control testing.
- Track remediation items and follow up on security tasks across the organisation.
- Support incident response with documentation, evidence, and compliance alignment where needed.
Awareness & Continuous Improvement
- Participate in security awareness initiatives, training content, and internal communications.
- Identify opportunities for automation and process improvement across compliance workflows.
- Contribute to maturing the organisation’s overall governance and risk posture.
Qualifications:
Required:
- 4–7 years’ experience in security compliance, audit, risk, or GRC, ideally within a technology-driven or regulated environment.
- Hands-on exposure to SOC 2, ISO 27001, and related security or privacy frameworks (e.g., GDPR, NIST).
- Demonstrated experience supporting internal and external audits, including evidence collection, walkthroughs, remediation tracking, and control testing.
- Strong communication and documentation skills, with the ability to translate technical requirements into clear business guidance.
- Familiarity with broader regulatory and security standards such as HIPAA, HITRUST, CSA STAR, or Cyber Essentials.
- Comfortable working cross-functionally with Engineering, IT, Legal, People, and Operations teams.
Preferred:
- Professional certifications: CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer.
- Experience with GRC automation tools such as Vanta, Drata, Tugboat, Secureframe, or similar.
- Understanding of third-party risk management and supplier assurance.
- Exposure to incident response or operational security practices.
- Background in audit, controls testing, or risk advisory (e.g., Big 4).
- Knowledge of cloud security concepts (AWS, Azure, GCP).
Benefits:
- Opportunity to work with a leading AI technology company.
- Collaborative and innovative work environment.
- Growing, entrepreneurial and forward-thinking culture.
- Career growth and professional development opportunities.
- Exposure to a thriving ecosystem working from our Abu Dhabi HQ.
- 21 days of paid annual leave.
- Comprehensive private health insurance.
- Visa sponsorship for international candidates.