About the Job
The main purpose of the role is to manage the design, development, management, and implementation of secure systems and processes. Responsibilities will include, but are not limited to, performing reviews, assessments, and audits, conducting research, and facilitating communication with internal and external stakeholders as necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, risk management, and audit requirements.
Key Responsibilities:
- Act as a point of contact within the organization for staff members, regulators, and relevant public bodies on issues related to information security.
- Ensure the company’s procedures comply with applicable local and international Data Protection Regulations and codes of practice.
- Coach other organization members on best practices to be followed.
- Evaluate the existing data protection framework, identify areas of non-compliance, and rectify any issues.
- Devise training plans and provide data protection advice and support to staff.
- Inform and advise business partners on all matters related to data protection.
- Promote a culture of security awareness and data protection compliance across all units of the organization.
- Provide expert advice and educate employees on important information security and data compliance requirements.
- Draft new and amend existing policies, guidelines, and procedures in consultation with key stakeholders.
- Implement and manage the required procedures and regulatory controls.
- Implement and manage IT Governance Controls, including but not limited to Risk Management.
- Develop and manage a comprehensive Information Security Risk Management Program.
- Conduct training with staff members across different business units involved in data handling or processing, as well as providing training related to Security Awareness.
- Proactively conduct IT compliance checks to ensure adherence and address potential issues.
- Maintain records of all data processing activities conducted by the company.
- Engage with business and project teams to advise on privacy controls (including completing data privacy impact assessments) and mitigating risks.
- Coordinate responses to data subject rights requests, if required.
- Conduct root cause analysis of personal data breaches and identify remedial actions where necessary.
- Report key risks and mitigating controls, as well as the quality of compliance programs, to senior management regularly and obtain resulting feedback.
Qualifications:
To qualify, you must have:
- A Bachelor’s or Master’s degree in IT, Information Security, Computer Science, or a related field.
- A minimum of 10 years of experience working in information security and data protection operations and compliance, with the last years in a leading role.
- Privacy-related qualifications/certification, e.g., International Association of Privacy Professionals (IAPP), GDPR, etc.
- Experience with privacy operations tools like Forcepoint, OneTrust, and data discovery solutions.
- Knowledge of authentication standards and technologies such as multi-factor authentication, JSON Web Token (JWT), and single sign-on (SSO).
- Familiarity with identity and access management best practices, procedures, and software solutions such as SailPoint, Beyond trust PAM, Azure PIM and/or EPM, CyberArk, ForgeRock, Okta, or Ping Identity.
- Proficiency in Microsoft Office Suite or related writing and presentation software.
- Expertise in local and international data protection and information security laws and practices, including an in-depth understanding of Abu Dhabi Global Market Data Protection Regulation and EU’s General Data Protection Regulation.
- Experience with the implementation of data privacy standards like GDPR in a complex organizational environment.
- Strong project management skills, with the ability to work well under pressure and manage sensitive and confidential information.
- Excellent verbal and written communication skills, with strong attention to detail.
