Manager Information Security & Data Privacy

Abu Dhabi, United Arab Emirates

Job Description

Overview:
About the company:
Group 42 is an Abu Dhabi-based artificial intelligence (AI) and cloud computing company, uniquely positioned in the national ecosystem to develop and deploy holistic and scalable AI solutions.
G42 Healthcare is committed to developing a world-class, sustainable healthcare sector in the UAE and wider region. At the forefront in the battle against the pandemic, G42 Healthcare partnered with Abu Dhabi authorities to develop a massive throughput laboratory in 14 days and spearheaded the world’s first Phase 3 clinical trial of COVID-19 inactivated vaccine. Beyond Covid-19, G42 Healthcare is also developing a program of activities to support the health of future generations – ranging from genomics, imaging and diagnostics to digitization programs, manufacturing, and cutting-edge research.

As Senior Manager - Information Security & Data Privacy, you will lead the Information Security & Data Privacy team covering areas such as Identity & Access Management, Cyber Security Defense Center, Data Privacy, Data Protection, Cloud Security, Information Security GRC and Red Team processes, and work with the senior stakeholders across the company.
Responsibilities:

Develops the following sub functions:

  • Identity & Access Management
  • Cyber Security Defence Centre
  • Data Privacy & Protection
  • Information Security Governance, Risk and Compliance
  • Red Team
Data Privacy
  • Support the Group 42 Healthcare business. The role encompasses the formal function of Data Protection Officer and works collaboratively with key stakeholders to provide day-to-day guidance on a range of data issues, implementing company-wide policies and further embedding the privacy culture at Group 42 Healthcare
  • Be the primary point of contact for all data privacy and information security matters
  • Provide strategic leadership to the business on data protection, privacy, information security and data governance matters
GRC
  • Manage internal compliance programmes
  • Support internal product and operational teams to develop, deliver and have oversight of G42 Healthcare solutions
  • Lead data protection training to raise awareness of all employees across the company
  • Assist the internal compliance team with the completion of data protection audits
  • Oversee the information security functions in the organization
  • Be responsible for managing three separate departments: logical security, physical security, and audit and compliance
  • Creation and management of all ISMS policies and management of all applicable ISMS procedures
  • Ensure compliance to all applicable internal and external security requirements
  • Ensure IT/IS security is addressed in the development/acquisition processes for information systems and associated products and services
  • Ensure IT/IS systems have suitable DR and BCP processes and procedures in place
  • Establish and maintain processes to ensure that all users are trained to conduct themselves in a manner which ensures they fulfil their IT/IS security responsibilities
Essential Criteria
  • Must have demonstrable experience with ensuring compliance to company, client and regulatory requirements
  • Own Group 42’s information security organization, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews
  • Deep understanding and application of information security management framework based on the following: International Organization for Standardization (ISO) 2700X, FDA, CE, HIPAA, HITRUST, etc.
  • Build information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.
  • Overall responsibility in achieving and maintaining relevant certifications to continue Group 42’s position as leader in Security and Data Privacy
  • Liaise with Group 42’s IT and Engineering teams to ensure alignment between the security and development practices, ideally understands SSDLC and/or SDLC in a regulated environment.
  • Teams in Product Security, Platform Security, Engineering, and Operations will partner with the information security organization to deliver exceptional security for customers
  • Manage risk-based process for vendor security risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Provide risk guidance for Product Engineering & Platform Engineering projects, including the evaluation and recommendation of technical controls.
  • Represent security expertise of Group 42 to current and potential customers
  • Guide the company through internal and external audits, examinations and reviews related to security and participate in cross-functional teams in connection with regulatory and other audits and examinations.
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
  • Work directly with the business units to facilitate risk assessment and risk management process
  • Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Defines the security strategy and roadmap, and acts as the primary interface for Information/Cyber security topics
  • Build & maintain the Information/Cyber security program based on risks
  • Engages with and manages the right vendors to ensure appropriate security architecture and solutions are deployed covering network, physical, application or system security across all information systems (applications, databases, data centers and servers, networks, desktops and other endpoints)
  • Manages the formulation of policies and procedures to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, ensuring that Silver Beach maintains security best practices to comply with NIST and standards such as BS7799, ISO 17799 and ISO 27001
  • Works with Tech Officer / System Integration Manager for evaluating and managing IoT related cyber security risks, deriving the overall security and business continuity / disaster recovery plans
  • Defines policies and procedures in relation to managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes
  • Extends the concepts of information management to the practices and technologies of physical security to have a complete security framework
  • Manages governance and enforcement of information technology controls related to the confidentiality, integrity, and availability of data
  • Establishes resilience policies and guidelines including excess capacity, redundancies, and failovers
  • Develops approaches to generate revenue through security with business solutions
  • Communicates periodic status reports to higher management and escalates potential issues as appropriate
Cyber Security Defense Center & Red Team
  • Manage and assist in performing on-going security monitoring and continuous improvement of information systems including risk assessment, gap analyses, new security capabilities assessments and recommendation
  • Act as the central point of contact for all incidents, develop and deploy appropriate incident handling procedures and reporting
  • Driving security operations cross-functionally, including proactive review and management of vulnerabilities to reactive engagement during an incident, and everything in between.
  • Leads the convergence of technical and physical security controls and solutions
  • Supports other Group 42 internal stakeholders / functions to deploy the necessary tools and solutions in place to help with compliance and effective security monitoring

General
  • Excellent written and verbal communication skills
  • Self-reliant, completer-finisher with a pragmatic approach to Security
  • Ability to operate effectively without direct supervision
  • Ability to interact effectively with all areas and levels of the business
  • Detailed knowledge of IT and security disciplines
  • Demonstrable experience in management of Security related projects
  • Ability to manage complex projects and coordinating all major stakeholders to ensure a collaborative approach to achieve a desired solution
Qualifications:
Candidate Requirements

  • A minimum of a bachelor’s degree and a strong interest in IT applications and operations.
  • Minimum of 10 years professional experience in IT
  • Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
  • Minimum of 5 years of experience in a combination of risk management, information security, security operations, and Product Engineering roles. At least 4 years in a senior leadership role in security.
  • Relevant experience managing security for companies that leverage cloud technologies such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or Azure and / or offer platform as a service (PaaS) with security commitments to customers and partners.
  • Relevant experience working in the healthcare/life sciences industry with a deep understanding of regulatory frameworks such as ISO, GDPR, FDA, CE, HIPAA, HITRUST, etc. is highly desired.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • The incumbent must have an in-depth understanding of IT agile software development frameworks, strong knowledge of IT best practices and protocols, operational risk management, and in-depth knowledge and expertise of Group 42’s operations, including IT practices. Specific expertise should include:
  • IT Management practices and protocols, including in-depth knowledge of international IT standards.
  • Solid knowledge of IT application design, development, support and Operations Audit methodology
  • Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.

Job Detail

  • Job Id
    JD1433679
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Abu Dhabi, United Arab Emirates
  • Education
    Not mentioned