The Security Compliance Officer is vital in ensuring the organization's security posture remains strong, compliant, and resilient against emerging threats and regulatory changes.
Key Responsibilities:
Security Compliance Management:
- Develop and maintain security policies, procedures, and standards in line with industry best practices and regulatory requirements.
- Monitor and evaluate the organization's security posture to ensure compliance with relevant laws and regulations.
- Conduct regular security risk assessments and audits to identify potential vulnerabilities and areas for improvement.
- Implement controls and measures to address identified security risks and ensure continuous compliance.
Regulatory Compliance:
- Stay abreast of relevant security regulations, industry standards, and frameworks (e.g., NESA, GDPR, ISO 27001, NIST) and ensure the organization's adherence to them.
- Collaborate with legal and regulatory teams to ensure compliance with data protection and privacy laws.
- Prepare and submit compliance reports to regulatory bodies as required.
Security Training and Awareness:
- Develop and deliver security awareness training to employees, promoting a culture of security consciousness throughout the organization.
- Coordinate with HR and other departments to ensure all employees are adequately trained on security policies and procedures.
Incident Response and Management:
- Work with the Incident Response Team to manage security incidents and breaches, ensuring timely and appropriate responses.
- Investigate security incidents and implement measures to prevent their recurrence.
Vendor Management:
- Evaluate the security posture of third-party vendors and service providers to ensure their compliance with security standards.
- Establish security requirements for vendors and monitor their compliance throughout the relationship.
Compliance Monitoring and Reporting:
- Monitor security controls and compliance metrics regularly to identify trends and potential issues.
- Prepare and present compliance reports to senior management and stakeholders.
Security Awareness and Education:
- Promote security awareness and education among employees, contractors, and other stakeholders.
- Conduct training sessions and workshops to enhance security knowledge and practices.
Education, Experience and Required Skills:
- MSc degree in Information Security or a related field.
- CISSP certification required; CRISC, CISA, CISM or ISSMP is an advantage.
- Minimum 10 years of cybersecurity experience, with CISSP and CISM certifications.
- An understanding of DevSecOps practices and AWS/Azure/GCP services, and an appreciation of both UAE/GCC law and international best practice relating to data protection and cyber law.
- Proven experience in security compliance, risk management, or related fields.
- In-depth knowledge of relevant security standards, regulations, and frameworks.
- Familiarity with security technologies, tools, and best practices.
- Strong analytical and problem-solving skills with a keen attention to detail.
- Strong organizational and project management abilities.