Job Description

Synopsis
As part of the Governance, Risk, and Compliance (GRC) team, this role is open to candidates across various experience levels--from entry-level to seasoned professionals. The position is responsible for supporting the implementation of the security risk management process, procedures, and guidelines, including identifying, assessing, and controlling risks.
This role offers opportunities for entry-level candidates to gain hands-on experience in risk management and compliance, while more experienced professionals will take a leadership role in audits, risk strategy, and the development of governance frameworks.
Accountabilities

• Assist the Implementation of the security governance, risk and compliance program as directed with a focus on industry regulations and standards, data privacy and internal policies and standards compliance.
• Operate the enterprise-owned tools that support governance, risk and compliance activities and support service providers in delivering contractual security requirements.
• Identify and evaluate IT security risk factors and ensure adequate & effective IT security controls exists that mitigate these risks and meet current and future compliance requirements.
• Demonstrate knowledge of IT security regulatory requirements like NESA, ISO 27001, PCI DSS, GDPR, ADHICS, etc.
• Provide assurance that IT security risks are effectively identified and addressed in relation to with deployment of new or enhancements in existing information systems and processes.
• Provide support in coordination activities as required for the IT security component of both internal and external audits.
• Support in the development, review and publishing of content for security awareness theme and conduct security awareness trainings & simulation exercises.
• Support the vulnerability detection & remediation program with a focus on vulnerability prioritization and remediation with creation of timely reports & dashboards
• Facilitate the development of remediation plans and the timely resolution of any identified gaps.
• Proactively seek opportunities to improve the efficiency / effectiveness of the IT security compliance program.
• Act as a channel of communication to IT to receive and direct compliance issues to appropriate IT resources for investigation and resolution.
• Develop, review and revise information security policies and supporting standards aligned with applicable industry best practices and regulations.

Education & Experience

• Graduate degree in Computer Science, Management Information Systems or equivalent.
• A minimum of 5 years of experience in Cybersecurity.
• Knowledge of industry best practice standards pertaining to Information Security, risk management and data privacy
• Knowledge of and experience with Information Security and GRC tools required.
• Understanding of international and local regulations pertaining to Aviation, Information Security and data privacy
• Ability to manage execution of projects by security services providers and internal teams.
• Ability to learn and adapt quickly to new cybersecurity technologies and skills
• Very good written and oral communication skills required.

About Etihad Airways
Etihad Airways, the national airline of the UAE, was formed in 2003 and quickly went on to become one of the world's leading airlines. From its home in Abu Dhabi, Etihad flies to passenger and cargo destinations in the Middle East, Africa, Europe, Asia, Australia and North America. Together with Etihad's codeshare partners, Etihad's network offers access to hundreds of international destinations. In recent years, Etihad has received numerous awards for its superior service and products, cargo offering, loyalty programme and more. All this ties into Etihad's ambitious Journey 2030 strategy. The airline plans to double its fleet size and triple the number of customers over the next six years as it sets out to be the airline everyone wants to fly!
To learn more, visit
Recruitment Fraud Alert
Beware of fraudulent job offers from individuals or organizations claiming to represent the Etihad group. We will never ask for personal information, bank details, or payment during the recruitment process. Interviews are conducted face-to-face or via video/telephone before any formal offer. If you are asked for money, please treat it as fraudulent.

Skills Required