Senior Information Security

Posted Date 06 Nov 2023



Experience: 5 Years
Salary: 7500 AED
Job Type: Full Time
Company: Group 42
Job Category: Security
Qualification: BS Security
Gender: Both
Last Date: 16 Nov
Vacancies: 1
Remote: No
Location(s): Abu Dhabi, United Arab Emirates

Job Description

Overview:
G42 Healthcare is an Abu Dhabi based health technology company active across data and AI, digital health, advanced OMICS, pharma, diagnostics and environmental sciences.
G42 Healthcare has recently merged with the healthcare arm of the Abu Dhabi Sovereign Fund Mubadala (Mubadala Health) creating a unique organisation with over 7,000 staff spanning omics, technology and healthcare provision.
G42 Healthcare is also the facilitator of the 1 million Emirati Genome Program, operating an NGS facility that can deliver over 500,000 whole genome sequences per annum. We have recently launched a regional partnership with Somalogic, establishing the first high-throughput proteomics facility in the Middle East, and also own the local Health Information Exchange called Mallafi.

Responsibilities:
  • Develop and implement an Information Security Framework that includes policies, standards and processes based on international standards (e.g. ISO27001, ISO 27701, HIPAA) as well as legal and regulatory requirements (e.g. NESA, GDPR, ADGM, ADHICS), ensuring its policies and procedures are adopted and adhered to.
  • Should have a strong understanding of healthcare technology and security requirements for healthcare organizations in the UAE.
  • Develops an overall information security and compliance strategy and recommends appropriate controls and tools in line with M42 Healthcare objectives.
  • Defines and implements a risk management framework for the healthcare entity in line with M42 enterprise risk management to ensure that IT security and risks are managed to acceptable levels and in compliance with ADHICS and ADGM regulations.
  • Conducts the Technology Risk assessment for new business and IT projects, identifies risks and threats, and monitors risk.
  • Ensures there is sufficient visibility at the appropriate management level for every risk – its impact and cost of mitigation.
  • Ensure effective implementation of information security projects aligned to applicable regulatory requirements (e.g., ADHICS, ADGM).
  • Provide quarterly ADHICS information security submissions and work on gaps to implement adequate controls to ensure that ADHICS scope entities are compliant with appropriate regulatory security controls.
  • Directs and guides internal teams and/or external providers to ensure that all information assets are well protected. Reviews and actions any exception to policies and standards based on impact and takes ownership for all information security initiatives.
  • Keeps abreast of market trends and latest products related to healthcare and information security and maintains a broad understanding of the environment, to source services from the external market.
  • Develops, manages, maintains, and regularly tests a security incident response plan that ensures all critical security incidents are reported, documented, resolved and recovered.
  • Design, build, deploy and operate security-focused infrastructure, and provide consultation, architectural review and risk assessment for M42 infrastructure and services.
  • Coordinate with internal teams on the implementation of information security controls as per recommendations from M42 IT GRC, IS GRC team, Internal Audits and External Audits.
  • Drive IT teams in conducting RCSA (Risk Control Self-Assessment) to ensure appropriate process, technical and security risks are highlighted and implemented.
  • Conduct industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.
  • Actively evaluate and supervise information security and information technology controls for the healthcare industry.
  • Develop security and information technology metrics including KRIs and KPIs, to continuously monitor and guide program level risks.
  • Build strong relationships with key stakeholders in M42 IT and with M42 Healthcare Functions.
  • Assure that the quality of the services delivered by suppliers meets contractual commitments and business needs, and manage risks associated with information security, continuity, and integrity of supply.
  • Represent information security for M42 Healthcare in any internal and external audits.
  • Conduct periodic security awareness training for employees.
  • Educate employees on information security policies and processes.
  • Investigate and respond to data privacy and information security incidents.
Qualifications:
Skills:
  • A minimum of a bachelor’s degree and a strong interest in Information and Healthcare Security and Cloud Security.
  • 5 to 10 years of professional experience in Information Security and at least 5 years of experience in the healthcare industry (in UAE is preferred).
  • Must be fluent in Arabic.
  • UAE National preferred.
  • Should hold one or more certifications - Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).
  • The HealthCare Security Certification (HCISPP) is desirable.
  • Experience in risk management, information security, security operations, and security review.
  • Relevant experience working in the healthcare/life sciences industry with a deep understanding of regulatory frameworks such as ADHICS, FDA, CE, HIPAA, HITRUST, DOH, etc. is highly desired.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners, and stakeholders.
  • Must be a critical thinker, with strong problem-solving skills.
  • The incumbent must have an in-depth understanding of IT agile software development frameworks, strong knowledge of IT best practices and protocols, operational risk management, and in-depth knowledge and expertise of Group 42’s operations, including IT practices.
  • Specific expertise should include:
    • IT Management practices and protocols, including in-depth knowledge of international IT standards.
    • Solid knowledge of Cloud Security Practices and cloud models.
    • A practical and proactive problem-solver who possesses strong business acumen and is confident, mature, and calm.
    • Excellent time management skills with the ability to prioritize and multitask and work under shifting deadlines in a fast-paced environment.
    • Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams. Excellent written and verbal communication skills.
Qualifications and Experience:
  • Bachelor’s or Master’s degree in IT, Computer science, Software engineering, Data
  • Experience with Cloud Computing and Cloud Security.
  • Industry certification in one or more of the following: CISA, CISM, CISSP, Azure Architect, AWS Architect, CCSP, etc.
  • Preferred to have HealthCare Security Certification (HCISPP).
  • Preferred to have ITIL V4 certification.
