Job Description

This key role supports the implementation and continuous improvement of information security governance, risk management, and compliance (GRC) frameworks across IT and Rail Operational Technology (OT) environments. You will also support privacy programmes and ensure alignment with relevant cybersecurity and data protection regulations. Acting as the primary GRC advisor in the absence of the Head of Cyber Security, you will work closely with internal teams and external auditors to maintain audit readiness and demonstrate compliance with applicable laws, standards, and client requirements.

Main Responsibilities:

Strategic
Support the implementation and enhancement of GRC frameworks for IT and Rail OT systems.*
Ensure compliance with international standards such as ISO/IEC 27001 and local data protection laws.*
Conduct risk assessments and contribute to enterprise risk management planning.*
Advise on policy improvements and lead the development of security documentation.*

Financial
Contribute to the planning and budgeting of compliance-related initiatives and assessments.*
Ensure that audit and risk-related activities are completed within agreed resources.*

Stakeholder / Customer
Act as a liaison with internal stakeholders, external auditors, and client representatives for GRC-related topics.*
Provide input into audit responses, compliance reviews, and external reporting.*
Collaborate with cybersecurity, legal, IT, and operational teams to ensure integrated compliance efforts.*

Operational
Conduct compliance audits, gap analyses, and privacy impact assessments.*
Monitor implementation of corrective actions from internal/external audits.*
Support the execution of the Cyber Security Management Plan, especially in governance areas.*
Ensure alignment of cybersecurity incident processes with regulatory requirements.*

Capability / People
Deliver training and awareness sessions on cybersecurity, compliance, and data protection.*
Promote a strong culture of risk awareness, data protection, and regulatory compliance.*
Support the Head of Cyber Security in developing audit readiness and internal review capabilities*

MINIMUM QUAIFICATIONS

Min.

Required

Desirable

Education


Bachelor's degree in computer science, Information Management, or equivalent*
Certified in Cybersecurity (CC) certification or Lead Auditor ISO 27001*




Master's degree in information security, Information technology, or related fields.*
Certifications in advanced Information security areas like CISA, CRISC, or CISSP*

Experience


5+ years of experience in information security, compliance, or data privacy roles.*
Demonstrated expertise in implementing and maintaining compliance frameworks.*


Experience working in regulated environments, preferably in critical infrastructure.*
Experience with international cyber security standards and frameworks beyond ISO 27001, such as ISO 27701, NIST, IEC 62443, and GDPR compliance.*

Skills / Training


Exceptional written and oral communication skills*
Strong understanding of legislation and regulations*
Ability to assess and manage data protection risks effectively*


Ability to conduct training and awareness sessions effectively.*
Advanced training in risk management*
Excellent knowledge of data protection laws and regulations, including UAE Law No. 45 of 2021.*