IS Analyst - Data Security and Access Governance

To support Access Governance and Data Security Governance functions under the Group Information Security Department, this role will be key in performing timely access reviews and data security assessments which will help improve the security posture of the company.

Key Responsibilities

• Perform access reviews on Business application access, infrastructure application access, or any other special access provided to the users.
• Ensure access governance policies are applied across all the access provided for staff across the organization, including business applications and infrastructure applications.
• Perform ad-hoc access reviews on applications based on the identified risk escalations.
• Review the application matrix for business departments, highlighting any unauthorized or risky access provided based on access management principles such as least privilege and segregation of duties.
• Coordinate with business units, HR department, and ICD for identifying unauthorized access and taking necessary remediation actions.
• Govern the privileged access provided to the staff.
• Perform assessments on exceptions to the approved access matrix and highlight any identified risks.
• Govern the IDAM solution and ensure access governance policies on IDAM workflows.
• Govern the PAM solution and ensure access governance policies on PAM workflows.
• Support and contribute to the company-wide data classification exercise for the entire company.
• Develop and maintain DLP policies, rules, and exceptions.
• Periodic review of data protection policies.
• Maintain updated data registers and assist in implementing DLP rules for the completed data registers.
• Create data flow maps from the data registers.
• Timely KPI and KRI reporting related to data security and access governance.
• Participate in the Information security programs and projects, supporting compliance assessments, audits, gap analyses, and remediation related to data security and access governance.

Requirements

• Knowledge about Identity and Access Management Solutions and methodologies.
• Knowledge of privileged management solutions, DLP solutions preferably Forcepoint or Microsoft Purview.
• Knowledge of Information security & control frameworks, regulations, international standards, and best practices.
• Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls, and remediation action plans.
• Ability to work independently without detailed guidance.
• At least one Security, Risk, or IT certification held or in process (i.e., CISSP, ITIL, CISM, ISO 27001, Security+).
• Bachelor’s degree in computer science or information security from an accredited 4-year university (Master’s degree preferred).

Location
Abu Dhabi