Job Purpose:
The Compliance Analyst will assist the Information Security Manager and the Compliance Officer in managing compliance programs across all entities, primarily focusing on the Healthcare Group. The core responsibility of this role is to ensure that healthcare retail operations comply with legal and regulatory standards in different emirates. This includes managing ISO27001:2022 and ISO20000:2018 standards certification of ABH IT. The Compliance Analyst is responsible for managing IT governance best practices, Enterprise Risk Management (ERM) process and ensuring adherence to standards & regulatory requirements. The Compliance Analyst will also be responsible for maintaining strong relationships with compliance and IT representatives across all group entities, fostering collaboration to align IT GRC initiatives with the organization's overall risk and compliance strategy.
Key Roles and Responsibilities:
1: Business Performance
- Maintain and continuously enhance the Information Security Management System (ISMS) and IT Service Management (SMS) compliance frameworks aligned with latest certification of ISO 27001 and ISO 20000-1.
- Oversee periodic compliance reporting, including monthly ISMS dashboards and KPI submissions reflecting Group IT performance and control maturity.
- Lead periodic reviews, updates, and testing of the IT Business Continuity Plan (BCP) in line with the latest technological advancements and regulatory requirements.
- Coordinate and validate audit and assurance deliverables (ITGC audits, ADHICS, internal audits, ISO surveillance) ensuring completeness, accuracy, and traceability of evidence.
- Manage risk and third-party due-diligence reviews for IT, cloud, and healthcare systems, incorporating policy control assurance and regulatory alignment.
- Contribute to the IT GRC strategic roadmap, cost model, and performance-driven initiatives under the Albatha Cybersecurity Strategy.
2: Customers and Partner Relations
- Liaise with internal and external audit partners to facilitate evidence submission, control walkthroughs, and post-audit assurance validation.
- Support Group and Operating Company IT teams in achieving audit readiness and compliance closure within defined timelines.
- Engage with healthcare entities and regulatory bodies (e.g., DOH, DHA, MOHAP) to support assurance reviews, ADHICS compliance, and data-protection assessments.
3: People Management
- Guide IT leads and operations staff in maintaining evidence records and completing relevant compliance checklists, ensuring accuracy and consistency.
- Facilitate knowledge transfer and training sessions on AI security, risk management, and audit preparation for IT and business teams.
- Promote a compliance-aware culture by supporting user awareness campaigns, ISO control refresher sessions, and healthcare privacy initiatives.
- Act as a bridge between IT operations, data owners, and the IS team, driving accountability and collaboration across departments.
4: Leadership/Innovation
- Drive adoption of AI-enabled compliance automation using Generative and agentic AI tools to optimize reporting, evidence gathering, and assurance tracking.
- Pioneer integration of AI governance frameworks (ISO 42001 and Responsible AI principles) into the Group's risk and compliance ecosystem.
- Lead innovation in compliance reporting through dashboard visualization, predictive compliance analytics, and cross-framework mapping.
- Identify opportunities to embed resilience and assurance thinking into new IT initiatives, ensuring proactive compliance alignment from design stage.
- Serve as an assurance focal point for emerging technology and healthcare compliance convergence, ensuring continued maturity in Albatha's GRC posture.
Education Qualification and Experience:
- A university degree or equivalent
- Mandatory certification: ISO 27001:2022 Lead Implementer or Lead Auditor, ISO 22301:2019 Lead Implementer or Auditor
- Desired Certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).
- Standards & Frameworks: ISO 27001, ISO 20000-1, ISO 31000, UAE's IA Standards & National CSC Policies, NIST CSF, ADHICS, DHA/MOHAP healthcare information-security controls, and UAE PDPL.
- Healthcare Experience: Exposure to regional healthcare compliance environments supporting hospital groups, labs, or healthcare operators under ADHICS or HIPAA-aligned controls.
- Assurance Expertise: Experience providing assurance for healthcare audits, cybersecurity and ISO assessments, and BCP/DR readiness reviews.
- AI Governance: Knowledge of responsible AI principles, AI risk assurance, and AI security implementation.
- Technical Awareness: Understanding of network security, endpoint protection, server patching, backup management, and SAP application security.
- Process Competence: Proficiency in ITIL processes: Change, Incident, Problem, Release, and Service Continuity Management.