Senior Specialist - Information Security

Job description / Role

• Information Security Strategy & Governance Develop and implement security strategies and policies aligned with industry standards (e.g., NIST, ISO 27001, CIS) to protect the organization’s data and information systems. Advise on security governance and assist in ensuring compliance with regulations (e.g., GDPR, CCPA, HIPAA) and internal security standards. Perform security audits and risk assessments to identify vulnerabilities and implement mitigating controls. Monitor and track compliance with internal security policies, procedures, and controls.
• Risk Management & Incident Response Conduct regular risk assessments to identify potential security threats and vulnerabilities across the organization’s IT infrastructure. Lead the response to security incidents, ensuring effective containment, investigation, and remediation. Coordinate with stakeholders to prepare and update incident response plans and conduct regular tabletop exercises to ensure preparedness. Ensure the organization’s data privacy and security policies are continually updated to reflect evolving cybersecurity threats.
• Security Architecture & Design Collaborate with IT and development teams to design and implement secure system architectures and security protocols. Classified as Solutions+ Internal Evaluate and recommend security tools, solutions, and technologies that enhance the security posture of the organization. Provide input into system and network designs to ensure security best practices are implemented.
• Security Operations & Monitoring Oversee and manage the monitoring of network traffic, systems, and applications for signs of security breaches and vulnerabilities. Implement security measures such as firewalls, intrusion detection systems (IDS), encryption, and access controls. Work with IT and security teams to ensure effective patch management, vulnerability scanning, and threat intelligence analysis. Continuously monitor emerging security threats and trends to proactively address potential risks.
• Training & Awareness Lead the development and implementation of information security awareness training programs for employees at all levels. Educate staff on security best practices, policies, and procedures to reduce human risk factors (e.g., phishing attacks, social engineering). Provide mentoring and guidance to junior information security staff and other internal stakeholders.
• Vendor & Third-Party Risk Management Assess and manage the security risks associated with third-party vendors, ensuring compliance with security standards and policies. Conduct third-party security assessments and audits to ensure that vendors meet the organization's security requirements.
• Reporting & Documentation Prepare and present regular security reports and risk assessments to senior leadership, providing recommendations for improvement. Maintain and update security documentation, including incident logs, vulnerability assessments, risk management plans, and security policies.

• Minimum of 5-7 years of experience in information security or cybersecurity, with at least 3 years in a senior or specialized role.
• Proven experience with security technologies, including firewalls, encryption, SIEM tools, IDS/IPS, and endpoint security solutions.
• Experience conducting risk assessments, vulnerability management, and security audits. • Experience with regulatory requirements such as GDPR, HIPAA, PCI-DSS, or SOX.
• Familiarity with incident response, forensics, and disaster recovery planning.

About the Company

Solutions+, is a wholly owned subsidiary of Mubadala Investment Company.

Established 10 years ago, we are the leading UAE shared services company offering a range of solutions from finance, human resources, IT, procurement, facilities, and sustainability.

Solutions+ portfolio of brands cover various service sectors across the UAE including sports and entertainment, in addition to business processes and ESG.

Our vision is to drive value, for our clients and our nation, by providing world-class business performance solutions. Leveraging our deep knowledge and expertise, sustainable processes, and cutting-edge technologies, we offer direct management and counsel across vital infrastructure functions, from operations to digital services.