About the role:

The Specialist – Information Security is responsible for leading and assisting GRC efforts for information security risk governance in G42 IT. The overall objective of this role is to ensure the execution of Information security directives and activities in alignment with G42 Information security policy and regulatory requirements to protect G42 customers and internal entities.

• Lead the implementation of the Information Security Framework that includes policies, standards and processes based on international standards (e.g., ISO27001, ISO22301, ISO27017, ISO27018), as well as legal and regulatory requirements (e.g., NESA, GDPR, ADGM, ADHICS) ensuring the policies and procedures, are adopted and adhered to.
• Define, implement, and lead the change/release management process for G42 IT.
• Define the action plan for collecting the audit evidence and coordinate it in a time-bound manner.
• Accountable for various compliance audits and be the single point of contact for any evidence or discussions.
• Ensure implementation of the risk management framework for G42 entities in line with G42 Enterprise Risk management to ensure that Information security and related risks are managed and closed to acceptable levels and in compliance with NESA, ADHICS, ADGM and any other applicable regulatory requirements.
• Close identified security risks and threats and suggest appropriate controls to mitigate the identified risks.
• Manage, monitor and update the risk register to ensure sufficient visibility at the appropriate management level for every risk – its impact, existing controls and mitigation plan.
• Establish, drive and monitor security metrics framework – key performance and key risk indicators- highlighting key risk and lagging KPIs to management.
• Drive the Security awareness initiatives for G42, including but not limited to Phishing awareness, Email Security Newsletters, conducting Awareness training and phishing assessments.
• Review all change requests, in scope service requests and advise suitable controls as per Information security policies. Review day-to-day changes and represent the team in Change advisory board.
• Coordinate with internal teams to implementation of Information security controls as per recommendations for internal- and external audits.

To qualify, you must have:

• Bachelor’s or master’s degree in IT, Information Security, Computer science, or Software engineering.
• 7 plus years’ experience in IT/ Information Security/ Cloud Security, in which at least 4 years of experience in security risk governance, security compliance or risk advisory services.
• Should hold one or more security certifications – CISSP/CCSP/ CCSK/ CISA/Azure Security / AWS Security Specialist.
• Must have experience in security practices, risk management and security audits.
• Excellent communication skills and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Experience in leading and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Problem solver and excellent time management skills with the ability to prioritize, multitask and work under shifting deadlines in a fast-paced environment.

Ideally, you will also have:

• Relevant experience working in the IT and Cloud industry with a deep understanding of regulatory frameworks/standards such as ISO27001, ADHICS, ADGM, NESA, etc.
• Must have experience in security practices, risk management and security audits.