UAE National_IT Security Specialist | Corporate Services | Group Tech & Digital Platforms

Overview

responsibilities

What you will do

• Support the implementation and ongoing operation of digital risk management activities to identify, assess, and mitigate cybersecurity risks. Maintain and apply the established digital risk management framework aligned with recognized industry standards such as NIST, COBIT, and ISO/IEC 27001, and support periodic risk reviews and updates.
• Monitor and support compliance with applicable cybersecurity and privacy regulations and standards, including ADHICS, CBUAE-IA, PCI-DSS, ISO/IEC 27001, ISO/IEC 27701, ISO 22301, and ISO 28000.
• Assist in conducting gap assessments, tracking compliance requirements, documenting gaps, and supporting remediation actions to reduce regulatory, financial, and legal risk.
• Work closely with IT, compliance, legal, and business teams to support regular security assessments and compliance reviews. Coordinate inputs, follow up on actions, and support the execution of agreed remediation plans.
• Support the execution of security awareness initiatives through emails, posters, newsletters, and intranet communications to reinforce information security practices and promote a culture of security awareness across the organization.
• Assist with the planning, execution, and monitoring of simulated phishing exercises. Support analysis of results and dissemination of targeted awareness or follow-up training to improve employee awareness and response to phishing threats.
• Prepare and maintain operational documentation and reports related to security risk assessments, compliance reviews, and control effectiveness. Ensure findings, recommendations, and remediation actions are accurately documented and tracked to closure.
• Provide operational support for internal and external audits and regulatory inspections by coordinating evidence collection, tracking audit actions, and supporting closure of audit findings. Engage with internal and external auditors and internal stakeholders to support compliance with applicable standards and regulatory requirements, particularly within healthcare, insurance and automotive business lines.
• Support third-party risk assessments by applying defined risk scoring criteria based on inherent risk factors such as data sensitivity, system access, and business criticality. Maintain assessment records and support follow-up on remediation actions with vendors and internal stakeholders.

Skills

• Required Skills to be successful
• Strong communication, analytical/problem solving skills.
• Ability to handle multiple complex tasks, highly organized, and detail oriented.
• Ability to maintain confidentiality of records and information.
• Strong documentation, reporting, and evidence management skills to maintain audit-ready risk registers, compliance trackers, and assessment reports.
• Resilient and has multi-tasking experience in a fast-paced environment, completing work with pace with quality discipline.
• What equips you for the role
• Bachelor's degree in IT, computer applications or similar.
• Minimum 4 - 5 years of experience in Security Risk and Governance in a customer-facing capacity.
• Practical experience in information security governance, risk, and compliance (iGRC), including operational support for risk assessments, compliance reviews, gap assessments, and remediation tracking.
• Working knowledge of cybersecurity frameworks and standards, such as ISO/IEC 27001, NIST, COBIT, PCI-DSS, with hands-on experience supporting their implementation or assessment.
• Familiarity with regulatory requirements in the UAE and region, including ADHICS, CBUAE-IA, and experience supporting regulatory compliance activities and audits.
• Experience supporting third-party risk assessments, including inherent risk evaluation, risk scoring, documentation of findings, and follow-up on remediation actions.
• Professional certifications such as ISO 27001 Lead Implementer/Lead Auditor, CRISC, CISM or equivalent are preferred.