Specialist

Abu Dhabi, United Arab Emirates

Apply Now

Job Description

Overview:

Group 42 is an Abu Dhabi based artificial intelligence (AI) and cloud computing company, uniquely positioned in the national ecosystem to develop and deploy holistic and scalable AI solutions.
G42 Healthcare is committed to developing a world-class, sustainable healthcare sector in the UAE and wider region. At the forefront in the battle against the pandemic, G42 Healthcare partnered with Abu Dhabi authorities to develop a massive throughput laboratory in 14 days and spearheaded the world’s first Phase 3 clinical trial of COVID-19 inactivated vaccine. Beyond Covid-19, G42 Healthcare is also developing a program of activities to support the health of future generations – ranging from genomics, imaging and diagnostics to digitization programs, manufacturing and cutting-edge research. Responsibilities:

Responsibilities:

Develop and implement Information Security Framework that includes policies, standards and processes based on international standards (e.g. ISO27001, ISO 27701, HIPPA) as well as legal and regulatory requirements (e.g. NESA, GDPR, ADGM, ADHICS) ensuring its policies and procedures are adopted and adhered to.
Should have a strong understanding of Healthcare technology and security requirements for healthcare organizations of UAE.
Develop an overall information security and compliance strategy, and recommends appropriate controls and tools in line with G42 Healthcare objectives.
Defines and implements a risk management framework for healthcare entity inline with G42 enterprise risk management to ensure that IT security and risks are managed to acceptable levels and in compliance with ADHICS and ADGM regulations.
Conducts the Technology Risk assessment for new business and IT projects, identify risks and threats and monitor risk.
Ensures there is sufficient visibility at the appropriate management level for every risk – its impact, and cost of mitigation.
Ensure effective implementation of information security projects aligned to applicable regulatory requirements. (e.g. ADHICS, ADGM).
Provide quarterly ADHICS information security submissions and work on gaps to implement adequate controls to ensure that ADHICS scope entities are compliant with appropriate regulatory security controls.
Directs and guides internal teams and/ or external providers to ensure that all information assets are well protected. Reviews, actions any exception to policies and standards based on impact and takes ownership for all Information security initiatives.
Keeps abreast with market trends and latest products related to healthcare and information security and maintains a broad understanding of the environment, to source services from the external market.
Develops, manages, maintains, and regularly tests security incident-response-plan that ensures all critical security incidents are reported, documented, resolved and recovered.
Design, build, deployment and operation of security-focused infrastructure and provide consultation, architectural review, risk assessment for G42 infrastructure and services.
Coordinate with internal teams to implementation of Information security controls as per recommendation from G42 IT GRC, IS GRC team, Internal Audits and External Audits.
Drive IT teams in conducting RCSA (Risk Control Self-Assessment) to ensure appropriate process, technical, security risk are highlighted and implemented.
Conduct industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.
Actively evaluate and supervise information security and information technology controls for healthcare industry.
Develop security and information technology metrics including; KRIs and KPIs, to continuously monitor and guide program level risks.
Building strong relationship with key stakeholders in G42 IT and with G42 Healthcare Functions.
Assuring that the quality of the services delivered by suppliers meets contractual commitments and business needs and managing risks associated with information security, continuity and integrity of supply.
Managing senior security professionals and groups, determining and delegating management responsibilities, setting performance objectives, and monitoring progress against agreed quality and performance criteria.
Represent information security for G42 Healthcare for any Internal and External audits.

Qualifications:

Qualifications and Experience:

Bachelors or Master’s degree in IT, Computer science, Software engineering, Data
Experience with Cloud Computing and Cloud Security.
Industry certification in one or more of the following: CISA, CISM, CISSP, Azure Architect, AWS Architect, CCSP, etc.
Preferred to have HealthCare Security Certification (HCISPP)

Skills:

A minimum of a Bachelor’s degree and a strong interest in Information and Healthcare Security and Cloud Security.
Experience of 10 years professional experience in IT/ Information Security and at least 5 years of experience in healthcare industry (in UAE is preferred).
Should hold one or more certifications - Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manger (CISM).
The HealthCare Security Certification (HCISPP) is desirable.
Experience in risk management, information security, security operations, and security review.
Relevant experience working in the healthcare/life sciences industry with a deep understanding of regulatory frameworks such as ADHICS, FDA, CE, HIPAA, HITRUST, DOH, etc. is highly desired.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Must be able to effectively liaise with internal direct reports and senior management as well as external customers, clients, partners and stakeholders.
Must be a critical thinker, with strong problem-solving skills.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
The incumbent must have an in-depth understanding of IT agile software development frameworks, strong knowledge of IT best practices and protocols, operational risk management, and in-depth knowledge and expertise of the Group 42’s operations, including IT practices. Specific expertise should include:
- IT Management practices and protocols, including in-depth knowledge of international IT standards.
Solid knowledge of Cloud Security Practices and cloud models
A practical and proactive problem-solver who possesses strong business acumen and is confident, mature, and calm.
Excellent time management skills with the ability to prioritize and multitask and work under shifting deadlines in a fast-paced environment.
Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.
Excellent written and verbal communication skills.