
Job Purpose
To ensure the organization's compliance with Dubai Government Information Security Regulations and UAE federal cybersecurity and data protection laws by implementing, monitoring, and maintaining effective information security controls, risk management practices, and incident response mechanisms.
Key Responsibilities
1. Regulatory Compliance & Governance
Implement and maintain controls in alignment with DESC ISR and NESA IA Standards
Ensure compliance with UAE PDPL (Federal Decree Law No. 45 of 2021)
Maintain the Information Security Management System (ISMS)
Support regulatory reporting to Dubai authorities when required
Assist in periodic compliance assessments and government audits
2. Risk Management & Control Implementation
Conduct formal information security risk assessments
Maintain risk registers and treatment plans
Implement security baselines for servers, endpoints, and network devices
Enforce access control and data classification policies
Ensure encryption standards are applied for data at rest and in transit
3. Security Operations & Monitoring
Monitor security events through SIEM and SOC tools
Investigate and respond to cybersecurity incidents
Coordinate containment and remediation actions
Escalate reportable incidents to management and authorities where mandated
4. Data Protection & Privacy
Support implementation of data protection impact assessments (DPIA)
Ensure personal data processing complies with PDPL requirements
Maintain data retention and destruction procedures
Coordinate with Legal and HR on breach notification obligations
5. Third-Party & Cloud Security
Conduct third-party security assessments
Review vendor compliance with Dubai ISR requirements
Ensure cloud deployments align with UAE data residency and classification standards
6. Awareness & Training
Conduct mandatory cybersecurity awareness training
Promote secure handling of government-classified information
Support phishing simulation and testing programs
Qualifications & Experience
Bachelor's degree in Information Security, Computer Science, or related field
35 years of experience in cybersecurity within regulated or government-aligned environments
Strong knowledge of:
Dubai ISR
NESA IA Standards
UAE PDPL
Professional certifications preferred:
ISO 27001 Lead Implementer / Lead Auditor
CEH
CISSP (or Associate of CISSP)
Core Competencies
Regulatory interpretation and control mapping
Risk assessment methodology (qualitative & quantitative)
Incident response coordination
Security architecture fundamentals
Audit and compliance documentation
Job ID: 143885843