Information Security Compliance Officer

Abu Dhabi, United Arab Emirates

NMC Healthcare

Find premier healthcare services in Abu Dhabi and across the UAE with NMC Healthcare. Our top hospitals and renowned doctors offer unparalleled medical expertise and compassionate care to ensure your well-being. Trust NMC Healthcare for...



  • Responsible for the planning, development and implementation of cybersecurity policies, procedures, standards, and controls. Leads day-to-day compliance audits/assessments, governance, and risk management functions to ensure the protection of corporate information systems, networks, and data.
  • Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
  • Develop an annual compliance plan to ensure adequate auditing of compliance to cyber security policies and guidelines. 
  • Develop and maintain detailed compliance monitoring mechanisms and frameworks. 
  • Execute periodic and ad-hoc compliance checks and cyber risk assessments to ensure that cyber security controls and measures are adherent to the mandated cyber security policies and guidelines. 
  • Develop policy compliance reports including required corrective actions and recommendations. 
  • Conduct cyber security risk assessments based on current state of adherence to policies and rate of adoption of security controls and mechanisms. 
  • Provide remedial actions against non-compliance and collaborate to develop plans to reach a state of compliance. 
  • Follow up on the implementation status of defined corrective actions to adhere to policies. 
  • Organize policy and standards training and awareness based on the periodic release of updated regulations or compliance mechanisms, as required.
  • Assess the effectiveness of security controls. 
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). 
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. 
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres). 
  • Ensure compliance with regulatory requirements across the emirates such as ADHICS, Riyathi.
  • Ensure compliance with the standards such as ISO 27001, SOC 2 & PCI DSS. 
  • Perform access review of the systems such as VPN, Removable Media, Audit logs, Admin access, Antivirus, PAM Access. 
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). 
  • Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.
  • Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization’s mission and goals.
  • Manage Information Security Business Continuity Plans. 
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary. 
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. 
  • Ensure the security of biomedical equipment.
  • Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs). 
  • Ensure that information security requirements are included in project management and that data is protected throughout the project management lifecycle.
  • Develop the strategy, goals, and objectives for the cyber security training, and awareness program. 
  • Develop new or identify existing awareness and training materials that are appropriate for intended audiences. 
  • Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.
  • Bachelor’s degree in computer science/engineering, information security, software engineering, systems engineering, Electronics & Communication Engineering, or information systems. 
  • Lead Auditor/Implementer ISO 27001 
  • Lead Auditor/Implementer ISO 22301 
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP) 
  • GRC Professional (GRCP)
  • Certified in the Governance of Enterprise IT (CGEIT)
Category: Compliance Jobs

Tags: Antivirus Audits CISA CISM CISSP Cloud Compliance Computer Science CRISC Governance ISO 22301 ISO 27001 Monitoring PCI DSS Risk assessment Risk management RMF SOC SOC 2 Strategy VPN Vulnerabilities

Region: Middle East
