GRC Specialist - UAE Nationals Only

As part of the Governance, Risk and Compliance team, the GRC Specialist will be responsible for supporting the implementation of the security risk management process, including procedures and guidelines for identifying, assessing, and controlling risks. Responsibilities include managing compliance assessments, supporting activities in audits and certification audits against various standards, and tracking/reporting compliance implementation.

Key Accountabilities:

• Proactively seek opportunities to improve the efficiency and effectiveness of the IT security compliance program.
• Develop, review, and revise information security policies and supporting standards aligned with applicable industry best practices and regulations.
• Assist in the implementation of the security governance, risk, and compliance program with a focus on industry regulations and standards, data privacy, and internal policy compliance.
• Operate enterprise-owned tools supporting governance, risk, and compliance activities while supporting service providers in delivering contractual security requirements.
• Identify and evaluate IT security risk factors, ensuring adequate controls exist to mitigate these risks and meet compliance requirements.
• Demonstrate knowledge of IT security regulatory requirements like NESA, ISO 27001, PCI DSS, GDPR, ADHICS, etc.
• Provide assurance that IT security risks are effectively identified and addressed concerning the deployment of new or enhancements in existing information systems and processes.
• Support coordination activities required for IT security components of both internal and external audits.
• Assist in developing, reviewing, and publishing content for security awareness initiatives and conduct related training and simulations.
• Support the vulnerability detection and remediation program focusing on prioritization and remediation, including timely reports and dashboards.

Education & Experience:

• Knowledge of industry best practice standards pertaining to Information Security, risk management, and data privacy.
• Experience with Information Security and GRC tools.
• Understanding of international and local regulations pertaining to Aviation, Information Security, and data privacy.
• Ability to manage the execution of projects by security service providers and internal teams.
• Ability to learn and adapt quickly to new cybersecurity technologies and skills.
• Very good written and oral communication skills are required.
• A minimum of 5+ years of experience in Cybersecurity.
• Graduate degree in Computer Science, Management Information Systems, or equivalent industry experience.

Language Requirements: Very good written and oral communication skills are required.

About Etihad Airways: Etihad Airways, the national airline of the UAE, was formed in 2003 and has become one of the world’s leading airlines, flying to numerous destinations across the globe from its base in Abu Dhabi. The airline has received numerous awards for superior service and products and is committed to its ambitious Journey 2030 strategy, which aims to double its fleet size and triple customer numbers over the next six years.