Senior Analyst, Information Security

About This Role

Overview M42 is a global health champion powered by artificial intelligence (AI), technology and genomics to advance innovation in health for people and the planet. Headquartered in Abu Dhabi, M42 combines its specialized, state-of-the-art facilities with integrated health solutions like genomics and biobanks, and harnesses advanced technologies to deliver precise, preventive and predictive care, to disrupt traditional healthcare models and positively impact lives globally.

M42’s Integrated Health Solutions (IHS) platform leads national programs and population health initiatives while addressing global health disparities through precision, prevention, and predictive care. Uniting expertise in genomics, biobanking, data services, environmental sciences, and clinical research and trials, IHS delivers innovative, evidence-based solutions that advance both regional and global health. Its flagship programs include the Emirati Genome Program (EGP), enabling personalized healthcare; the Abu Dhabi BioBank, supporting drug discovery and biobanking; and Biogenix Labs, driving precision medicine with Next-Generation Sequencing (NGS). In addition, Environmental Sciences investigates non-human factors influencing public health, while IROS fosters innovation through world-class clinical research. Together, these initiatives reflect M42’s commitment to healthier communities and a more sustainable future.

The Senior Analyst, Information Security is responsible for developing, implementing, and maintaining a comprehensive Information Security Framework aligned with international standards and regulatory requirements. The role plays a key part in protecting healthcare information assets by managing security risks, ensuring regulatory compliance, overseeing security initiatives, and responding to information security and data privacy incidents.

Responsibilities

• Develop, implement, and maintain an enterprise-wide Information Security Framework aligned with international standards (ISO 27001, ISO 27701, HIPAA) and regulatory requirements (ADHICS, ADGM, GDPR, NESA).
• Define and execute an information security and compliance strategy aligned with M42 objectives, recommending appropriate controls, tools, and technologies.
• Establish and operate a healthcare-focused information security risk management framework, aligned with M42 enterprise risk practices.
• Conduct technology risk assessments and drive RCSA activities for new initiatives and IT projects, ensuring risks are identified, assessed, and mitigated.
• Provide clear management-level visibility of security risks, including impact, mitigation plans, and cost considerations.
• Perform regulatory gap analysis, industry benchmarking, and control maturity assessments to identify and address improvement opportunities.
• Develop, monitor, and report security and IT risk metrics (KRIs and KPIs) to support informed decision-making.
• Lead and support information security initiatives and projects, ensuring alignment with regulatory and business requirements.
• Investigate, manage, and respond to information security and data privacy incidents, maintaining and regularly testing incident response plans.
• Oversee the evaluation and effectiveness of information security and IT controls across healthcare environments.
• Coordinate with IT GRC, Internal Audit, External Audit, and Compliance teams to implement audit findings and regulatory recommendations.
• Manage regulatory submissions (including quarterly ADHICS submissions) and remediate identified compliance gaps.
• Assess and manage third-party and supplier security risks, ensuring protection of information assets and continuity of services.
• Deliver information security awareness training and promote adherence to security policies and best practices.
• Build strong stakeholder relationships across M42 IT and Healthcare functions and represent Information Security in internal and external audits.
• Promote a culture of professionalism, confidentiality, compliance, and continuous improvement, communicating security risks and regulatory requirements clearly across the organization.

Qualifications

• 5-10 years’ experience in Information Security, including 5+ years within healthcare or life sciences, covering security governance, risk management, compliance, security operations, and assurance.
• Strong hands-on experience with technology risk assessments, RCSA activities, and managing security risks in highly regulated environments.
• Deep knowledge of regulatory and compliance frameworks including ADHICS, HIPAA, GDPR, HITRUST, DOH, FDA, and CE, alongside international IT and information security standards.
• Solid understanding of cloud security practices, cloud service models, IT governance, operational risk management, and secure software development practices.
• Excellent communication and stakeholder management skills, with the ability to engage senior leadership, auditors, regulators, and external partners, and translate complex security concepts to both technical and non-technical audiences.
• Strong analytical, critical thinking, and problem-solving abilities, with the capacity to work independently and collaboratively across global Compliance, Legal, IT, and Information Security teams.
• Fluent in written and spoken English.
• Preferred certifications include CISA, CISM, CISSP, CCSP, AWS or Azure Architect, and ITIL v4.