Information Security Compliance Officer

Job Description

  • Responsible for the planning, development and implementation of cybersecurity policies, procedures, standards, and controls. Leads day-to-day compliance audits/assessments, governance, and risk management functions to ensure the protection of corporate information systems, networks, and data.

Responsibilities

  • Continuously validate the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance.
  • Develop an annual compliance plan to ensure adequate auditing of compliance with cyber security policies and guidelines.
  • Develop and maintain detailed compliance monitoring mechanisms and frameworks.
  • Execute periodic and ad-hoc compliance checks and cyber risk assessments to ensure that cyber security controls and measures adhere to the mandated cyber security policies and guidelines.
  • Develop policy compliance reports including required corrective actions and recommendations. 
  • Conduct cyber security risk assessments based on current state of adherence to policies and rate of adoption of security controls and mechanisms. 
  • Provide remedial actions against non-compliance and collaborate to develop plans to reach a state of compliance. 
  • Follow up on the implementation status of defined corrective actions to adhere to policies. 
  • Organize policy and standards training and awareness based on the periodic release of updated regulations or compliance mechanisms, as required.
  • Assess the effectiveness of security controls. 
  • Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). 
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network. 
  • Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centres). 
  • Ensure compliance with regulatory requirements across the Emirates, such as ADHICS and Riyathi.
  • Ensure compliance with standards such as ISO 27001, SOC 2 and PCI DSS.
  • Perform access reviews of systems and controls such as VPN, removable media, audit logs, admin access, antivirus, and PAM access.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). 
  • Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risks.
  • Assure successful implementation and functionality of security requirements and appropriate policies and procedures that are consistent with the organization's mission and goals.
  • Manage Information Security Business Continuity Plans. 
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 
  • Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary. 
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. 
  • Ensure the security of biomedical equipment.
  • Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
  • Ensure that information security requirements are included in project management and that data is protected throughout the project management lifecycle.
  • Develop the strategy, goals, and objectives for the cyber security training, and awareness program. 
  • Develop new or identify existing awareness and training materials that are appropriate for intended audiences. 
  • Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.

Qualifications

  • Bachelor’s degree in computer science/engineering, information security, software engineering, systems engineering, Electronics & Communication Engineering, or information systems. 
  • Lead Auditor/Implementer ISO 27001 
  • Lead Auditor/Implementer ISO 22301 
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)
  • GRC Professional (GRCP)
  • Certified in the Governance of Enterprise IT (CGEIT)