Information Security, Senior Analyst

Abu Dhabi, United Arab Emirates

Job Description

Overview:
M42 is a global health champion powered by artificial intelligence (AI), technology and genomics to advance innovation in health for people and the planet. Headquartered in Abu Dhabi, M42 combines its specialized, state-of-the-art facilities with integrated health solutions like genomics and biobanks, and harnesses advanced technologies to deliver precise, preventive and predictive care, to disrupt traditional healthcare models and positively impact lives globally.
The role is responsible for developing, implementing, and maintaining an Information Security Framework, including policies, standards, and processes aligned with international best practices and regulatory requirements. The position plays a critical role in managing information security risks, ensuring regulatory compliance, overseeing security projects, responding to incidents, and strengthening security awareness across the organization. The role will also evaluate and supervise information security controls, develop security metrics, and build strong relationships with internal and external stakeholders to support M42's healthcare objectives.

Responsibilities:

  • Develop, implement, and maintain an enterprise-wide Information Security Framework aligned with international standards (e.g., ISO 27001, ISO 27701, HIPAA) and regulatory requirements (e.g., ADHICS, ADGM, GDPR, NESA).
  • Define and execute the information security and compliance strategy in alignment with M42 objectives, recommending appropriate controls, tools, and technologies.
  • Establish and operate a healthcare-focused information security risk management framework aligned with M42 enterprise risk management practices.
  • Conduct technology risk assessments for new business initiatives and IT projects, including driving Risk Control Self-Assessments (RCSA).
  • Ensure appropriate management visibility of security risks, including impact, mitigation plans, and associated costs.
  • Perform regulatory gap analysis, industry benchmarking, and control maturity assessments to identify improvement opportunities.
  • Develop, monitor, and report information security and IT risk metrics, including KRIs and KPIs.
  • Lead the planning and delivery of information security initiatives and projects in line with regulatory and business requirements.
  • Investigate, manage, and respond to information security and data privacy incidents, including maintaining and testing the incident response plan.
  • Oversee the implementation, monitoring, and effectiveness of information security and IT controls across the healthcare environment.
  • Coordinate with IT GRC, internal audit, and external audit teams to implement regulatory and audit recommendations.
  • Manage regulatory submissions (including ADHICS) and remediate identified compliance gaps.
  • Direct internal teams and external service providers to ensure the protection of information assets and adherence to security policies and standards.
  • Build strong relationships with key stakeholders across M42 IT and Healthcare functions and represent Information Security in internal and external audits.

Qualifications:

  • Bachelor's or Master's degree in IT, Computer Science, Software Engineering, or a related field.
  • 5-10 years of professional experience in Information Security, with a minimum of 5 years within the healthcare industry.
  • Proven experience in information security governance, risk management, compliance, and security operations.
  • Strong knowledge of healthcare and data protection regulations (e.g., ADHICS, HIPAA, GDPR, HITRUST, DOH).
  • Hands-on experience conducting technology risk assessments and Risk Control Self-Assessments (RCSA).
  • Solid understanding of international security standards and frameworks (e.g., ISO 27001, ISO 27701).
  • Experience working with cloud security architectures and cloud service models.
  • Excellent written and verbal communication skills, with the ability to explain security and risk concepts to technical and non-technical audiences.
  • Strong stakeholder management skills, including engagement with senior leadership, auditors, and regulators.
  • Relevant industry certifications such as CISA, CISM, CISSP, CCSP, or cloud security certifications (Azure/AWS).
  • Experience working in the UAE or similar regulated healthcare environments (preferred).
  • ITIL v4 certification (preferred).

Job Detail

  • Job Id
    JD2278284
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Abu Dhabi, United Arab Emirates
  • Education
    Not mentioned