The Information Security & Data Protection Officer (IS/DPO) is responsible for overseeing Kanad Hospital's information security, data protection, and privacy program in compliance with UAE laws, ADHICS standards, and international best practices. The role ensures lawful and secure processing of Personal Identifiable Information (PII) and Personal Health Information (PHI), implements privacy-by-design principles in clinical, administrative, and digital workflows, and leads key security projects including SOC, SIEM, and Data Loss Prevention (DLP) initiatives.
Essential Job Functions and Key Accountabilities:
Develop, implement, and monitor a strategic, comprehensive data protection, enterprise information security, and IT risk management program aligned with ADHICS, UAE privacy laws, and international standards.
Ensure no conflict of interest in execution of DPO duties and act as primary contact for data subjects and regulatory authorities.
Maintain a data processing register and oversee Data Protection Impact Assessments (DPIA) for systems processing PII and PHI, including automated, profiling, or large-scale data processing.
Implement and monitor mechanisms to support data subject rights:
+ Access to PHI/PII processing information
+ Data transfer to data subjects or other controllers in machine-readable format
+ Correction or deletion of PII/PHI
+ Restriction of processing and retention for legal claims
+ Objection to automated decisions and profiling outcomes
Maintain records of disclosures and data sharing involving PII and PHI.
Review and appropriately reject data subject requests when:
+ Interferes with judicial investigations or public interest
+ Deletion conflicts with legal requirements
+ Restriction undermines information security protection efforts
+ Violates others' privacy or confidentiality
+ Automated processing is covered by valid consent or legal basis
Execute periodic and ad-hoc compliance checks, privacy audits, and cyber risk assessments.
Recommend and implement remedial actions for security, privacy, and compliance gaps.
Contribute to Risk Management Framework documentation and activities, including secure system lifecycle support and PHI handling.
Participate in risk governance committees and report security and data protection risks to hospital leadership.
Lead and monitor implementation of SOC, SIEM, and PHI monitoring systems to identify threats and unauthorized access.
Oversee and enhance DLP governance for PHI/PII, including detection, prevention, and incident response controls.
Conduct privacy and cyber security awareness training for clinical, frontline, and administrative staff.
Collaborate with IT, clinical, and operational departments to ensure privacy-by-design in system rollouts, vendor assessments, and digital transformation projects.
Investigate and coordinate responses to data breaches involving PII and PHI, ensuring timely notification and reporting.
Act as liaison with legal counsel, regulatory authorities, and certification bodies regarding data protection and ADHICS assessments.
Define and enforce security protocols, policies, and procedures, ensuring compliance with UAE regulations and international standards.
Competency Standards
Clinical/Technical Competencies:
Cyber security and privacy principles (confidentiality, integrity, availability).
Networking protocols and network security threats.
Laws, regulations, and ethics related to cyber security.
Information classification and compromise procedures.
Security scanning, vulnerability assessments and penetration testing.
PHI (Personal Health Information) data protection standards.
Security architecture, including topology, protocols, and components.
Experience with SIEM tools.
DLP platform experience.
Familiarity with Firewalls, IDS/IPS, and Endpoint Protection.
Microsoft Azure and Office 365 security solutions.
ISO 27001 and/or ADHICS implementation experience preferred.
Qualification
Bachelor's Degree in Information Technology, Computer Science, or Cybersecurity.
Diploma holders with strong relevant experience may be considered.
Experience
3-5 years of professional experience in Information Security.
Minimum 2 years of hands-on experience with DLP and SOC/SIEM projects.