
UAE National_Information Security Specialist | Corporate Services | Gr

Job in Dubai, Dubai, UAE/Dubai
Listing for: Al Futtaim Private Company (LLC)
Full Time position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 120000 - 200000 AED Yearly
Job Description & How to Apply Below

Overview

The role supports the day‑to‑day operations of the Information Security function within the CISO office, combining operational security activities with Governance, Risk and Compliance (iGRC) responsibilities. As a key member of the iGRC subfunction, the role supports the development, implementation and oversight of risk management practices to safeguard the organization’s digital assets and mitigate cyber‑security threats in alignment with Al‑Futtaim Group Digital Risk Management and Enterprise Risk Management processes and standards.

The position serves as a central coordination point for digital risk activities across aligned enterprise business lines and supports collaboration across departments to strengthen security risk management and compliance outcomes.

Responsibilities
  • Support the implementation and ongoing operation of digital risk management activities to identify, assess and mitigate cyber‑security risks.
  • Maintain and apply the established digital risk management framework aligned with recognized industry standards such as NIST, COBIT and ISO/IEC 27001 and support periodic risk reviews and updates.
  • Monitor and support compliance with applicable cyber‑security and privacy regulations and standards including ADHICS, CBUAE‑IA, PCI‑DSS, ISO/IEC 27001, ISO/IEC 27701, ISO 22301 and ISO 28000.
  • Assist in conducting gap assessments, tracking compliance requirements, documenting gaps and supporting remediation actions to reduce regulatory, financial and legal risk.
  • Work closely with IT, compliance, legal and business teams to support regular security assessments and compliance reviews, coordinate inputs, follow up on actions and support the execution of agreed remediation plans.
  • Support the execution of security awareness initiatives through emails, posters, newsletters and intranet communications to reinforce information security practices and promote a culture of security awareness across the organization.
  • Assist with the planning, execution and monitoring of simulated phishing exercises; support analysis of results and dissemination of targeted awareness or follow‑up training to improve employee awareness and response to phishing threats.
  • Prepare and maintain operational documentation and reports related to security risk assessments, compliance reviews and control effectiveness.
  • Ensure findings, recommendations and remediation actions are accurately documented and tracked to closure.
  • Provide operational support for internal and external audits and regulatory inspections by coordinating evidence collection, tracking audit actions and supporting closure of audit findings.
  • Engage with internal and external auditors and internal stakeholders to support compliance with applicable standards and regulatory requirements, particularly within healthcare, insurance and automotive business lines.
  • Support third‑party risk assessments by applying defined risk scoring criteria based on inherent risk factors such as data sensitivity, system access and business criticality.
  • Maintain assessment records and support follow‑up on remediation actions with vendors and internal stakeholders.
Skills
  • Strong communication and analytical/problem‑solving skills.
  • Ability to handle multiple complex tasks, highly organized and detail oriented.
  • Ability to maintain confidentiality of records and information.
  • Strong documentation, reporting and evidence management skills.
  • Resilient and experienced in multi‑tasking in a fast‑paced environment, completing work with quality discipline.
Qualifications
  • Bachelor’s degree in IT, computer applications or similar.
  • Minimum 4–5 years of experience in Security Risk and Governance in a customer‑facing capacity.
  • Practical experience in information security governance, risk and compliance (iGRC), including operational support for risk assessments, compliance reviews, gap assessments and remediation tracking.
  • Working knowledge of cybersecurity frameworks and standards such as ISO/IEC 27001, NIST, COBIT and PCI‑DSS, with hands‑on experience supporting their implementation or assessment.
  • Familiarity with regulatory requirements in the UAE and region, including ADHICS, CBUAE‑IA, and experience supporting regulatory compliance activities and audits.
  • Experience supporting third‑party risk assessments, including inherent risk evaluation, risk scoring, documentation of findings and follow‑up on remediation actions.
  • Professional certifications such as ISO 27001 Lead Implementer/Lead Auditor, CRISC, CISM or equivalent are preferred.