Information Security Lead

Role Overview

Information Security Specialist / Manager

Nesa Ias

MOHAP Information Security & Healthcare Data Guidelines

1. Regulatory Compliance & Governance

• Lead implementation and compliance for:
• **NESA Information Assurance Standards (IAS)**
• **MOHAP healthcare cybersecurity & data protection guidelines**
• Conduct
• gap assessments, audits, and readiness reviews
• Develop and maintain:

• Risk Management Frameworks

• Compliance documentation

2. Security Architecture & Controls

• Design and implement:
• Enterprise security architecture aligned with NESA controls
• Network, application, and cloud security frameworks
• Ensure alignment with standards such as:
• ISO 27001

• NIST Cybersecurity Framework

• Implement controls across:

• Identity & Access Management (IAM)

• Data protection & encryption
• Endpoint & network security

3. Risk Management & Audit

• Conduct:
• Risk assessments and vulnerability assessments
• Third-party/vendor risk evaluations
• Manage internal and external audits:
• NESA audits
• MOHAP compliance reviews
• Track remediation and ensure closure of findings

4. Healthcare Data Security (MOHAP Focus)

• Ensure compliance with:
• Patient data protection regulations
• Healthcare data privacy and residency requirements (UAE)
• Work with healthcare systems:
• HIS, EMR/EHR platforms
• Implement:
• Data classification
• Data loss prevention (DLP)
• Secure data exchange protocols

5. Incident Management & Monitoring

• Establish and manage:
• Security Operations processes (SOC alignment preferred)

• Incident Response Plans (IRP)

• Lead investigations, root cause analysis, and reporting

6. Stakeholder & Client Engagement

• Act as
• SME for InfoSec
• in presales and delivery
• Support:
• RFP/RFQ responses
• Client security assessments
• Work with internal teams:

Required Qualifications

• Bachelor’s degree in Information Security, IT, or related field
• 5–10+ years of experience in Information Security
• Strong hands-on experience with:
• **NESA IAS implementation**
• **MOHAP compliance frameworks**
• Experience in UAE/GCC regulatory environment is mandatory

• Cissp / Cism / Cisa

• ISO 27001 Lead Implementer / Lead Auditor
• NESA-related certifications (if available)

Technical Skills

• Security tools: SIEM, DLP, IAM, EDR
• Cloud security (Azure / AWS preferred)
• Vulnerability management tools
• Knowledge of:

• Zero Trust Architecture

• Data governance & privacy frameworks

Soft Skills

• Strong stakeholder communication (especially with regulators and enterprise clients)
• Ability to translate compliance into business-friendly solutions
• Leadership in cross-functional environments
• Good to Have
• Experience working with:
• UAE Government / Semi-Government entities
• Healthcare providers / hospital networks
• Exposure to:
• Smart city / digital transformation security
• Data & AI security frameworks