Information Security Specialist

Job Purpose

To ensure the organization’s compliance with Dubai Government Information Security Regulations and UAE federal cybersecurity and data protection laws by implementing, monitoring, and maintaining effective information security controls, risk management practices, and incident response mechanisms.

Key Responsibilities

1. Regulatory Compliance & Governance

• Implement and maintain controls in alignment with DESC ISR and NESA IA Standards

• Ensure compliance with UAE PDPL (Federal Decree Law No. 45 of 2021)

• Maintain the Information Security Management System (ISMS)

• Support regulatory reporting to Dubai authorities when required

• Assist in periodic compliance assessments and government audits

2. Risk Management & Control Implementation

• Conduct formal information security risk assessments

• Maintain risk registers and treatment plans

• Implement security baselines for servers, endpoints, and network devices

• Enforce access control and data classification policies

• Ensure encryption standards are applied for data at rest and in transit

3. Security Operations & Monitoring

• Monitor security events through SIEM and SOC tools

• Investigate and respond to cybersecurity incidents

• Coordinate containment and remediation actions

• Escalate reportable incidents to management and authorities where mandated

4. Data Protection & Privacy

• Support implementation of data protection impact assessments (DPIA)

• Ensure personal data processing complies with PDPL requirements

• Maintain data retention and destruction procedures

• Coordinate with Legal and HR on breach notification obligations

5. Third-Party & Cloud Security

• Conduct third-party security assessments

• Review vendor compliance with Dubai ISR requirements

• Ensure cloud deployments align with UAE data residency and classification standards

6. Awareness & Training

• Conduct mandatory cybersecurity awareness training

• Promote secure handling of government-classified information

• Support phishing simulation and testing programs

Qualifications & Experience

• Bachelor’s degree in Information Security, Computer Science, or related field

• 3–5 years of experience in cybersecurity within regulated or government-aligned environments

• Strong knowledge of:

• Dubai ISR

• NESA IA Standards

• UAE PDPL

• Professional certifications preferred:

• ISO 27001 Lead Implementer / Lead Auditor

• CEH

• CISSP (or Associate of CISSP)

Core Competencies

• Regulatory interpretation and control mapping

• Risk assessment methodology (qualitative & quantitative)

• Incident response coordination

• Security architecture fundamentals

• Audit and compliance documentation