Senior Analyst, Information Security

Overview

Responsibilities

• Develop, implement, and maintain an enterprise-wide Information Security Framework aligned with international standards (ISO 27001, ISO 27701, HIPAA) and regulatory requirements (ADHICS, ADGM, GDPR, NESA).
• Define and execute an information security and compliance strategy aligned with M42 objectives, recommending appropriate controls, tools, and technologies.
• Establish and operate a healthcare-focused information security risk management framework, aligned with M42 enterprise risk practices.
• Conduct technology risk assessments and drive RCSA activities for new initiatives and IT projects, ensuring risks are identified, assessed, and mitigated.
• Provide clear management-level visibility of security risks, including impact, mitigation plans, and cost considerations.
• Perform regulatory gap analysis, industry benchmarking, and control maturity assessments to identify and address improvement opportunities.
• Develop, monitor, and report security and IT risk metrics (KRIs and KPIs) to support informed decision-making.
• Lead and support information security initiatives and projects, ensuring alignment with regulatory and business requirements.
• Investigate, manage, and respond to information security and data privacy incidents, maintaining and regularly testing incident response plans.
• Oversee the evaluation and effectiveness of information security and IT controls across healthcare environments.
• Coordinate with IT GRC, Internal Audit, External Audit, and Compliance teams to implement audit findings and regulatory recommendations.
• Manage regulatory submissions (including quarterly ADHICS submissions) and remediate identified compliance gaps.
• Assess and manage third-party and supplier security risks, ensuring protection of information assets and continuity of services.
• Deliver information security awareness training and promote adherence to security policies and best practices.
• Build strong stakeholder relationships across M42 IT and Healthcare functions and represent Information Security in internal and external audits.
• Promote a culture of professionalism, confidentiality, compliance, and continuous improvement, communicating security risks and regulatory requirements clearly across the organization.

Qualifications

• 5-10 years’ experience in Information Security, including 5+ years within healthcare or life sciences, covering security governance, risk management, compliance, security operations, and assurance.
• Strong hands-on experience with technology risk assessments, RCSA activities, and managing security risks in highly regulated environments.
• Deep knowledge of regulatory and compliance frameworks including ADHICS, HIPAA, GDPR, HITRUST, DOH, FDA, and CE, alongside international IT and information security standards.
• Solid understanding of cloud security practices, cloud service models, IT governance, operational risk management, and secure software development practices.
• Excellent communication and stakeholder management skills, with the ability to engage senior leadership, auditors, regulators, and external partners, and translate complex security concepts to both technical and non-technical audiences.
• Strong analytical, critical thinking, and problem-solving abilities, with the capacity to work independently and collaboratively across global Compliance, Legal, IT, and Information Security teams.
• Fluent in written and spoken English.
• Preferred certifications include CISA, CISM, CISSP, CCSP, AWS or Azure Architect, and ITIL v4.