UAE National_Information Security Specialist | Corporate Services | Gr Al Futtaim Private Company (LLC)

The role supports the day-to-day operations of the Information Security function within the CISO office, combining operational security activities with Governance, Risk, and Compliance (iGRC) responsibilities. As a key member of the Information Governance, Risk, and Compliance (iGRC) subfunction, the role supports the development, implementation, and oversight of risk management practices to safeguard the organization’s digital assets and mitigate cybersecurity threats in alignment with Al-Futtaim Group Digital Risk Management and Enterprise Risk Management processes and standards.

The position acts as a central coordination point for digital risk activities across aligned enterprise business lines and supports collaboration across departments to strengthen security, risk management, and compliance outcomes. This role offers an opportunity to build hands-on experience across information security operations and digital risk management while contributing to the organization’s overall security posture.

What you will do

• Support the implementation and ongoing operation of digital risk management activities to identify, assess, and mitigate cybersecurity risks. Maintain and apply the established digital risk management framework aligned with recognized industry standards such as NIST, COBIT, and ISO/IEC 27001, and support periodic risk reviews and updates.

• Monitor and support compliance with applicable cybersecurity and privacy regulations and standards, including ADHICS, CBUAE-IA, PCI-DSS, ISO/IEC 27001, ISO/IEC 27701, ISO 22301, and ISO 28000.

• Assist in conducting gap assessments, tracking compliance requirements, documenting gaps, and supporting remediation actions to reduce regulatory, financial, and legal risk.

• Work closely with IT, compliance, legal, and business teams to support regular security assessments and compliance reviews. Coordinate inputs, follow up on actions, and support the execution of agreed remediation plans.

• Support the execution of security awareness initiatives through emails, posters, newsletters, and intranet communications to reinforce information security practices and promote a culture of security awareness across the organization.

• Assist with the planning, execution, and monitoring of simulated phishing exercises. Support analysis of results and dissemination of targeted awareness or follow-up training to improve employee awareness and response to phishing threats.

• Prepare and maintain operational documentation and reports related to security risk assessments, compliance reviews, and control effectiveness. Ensure findings, recommendations, and remediation actions are accurately documented and tracked to closure.

• Provide operational support for internal and external audits and regulatory inspections by coordinating evidence collection, tracking audit actions, and supporting closure of audit findings. Engage with internal and external auditors and internal stakeholders to support compliance with applicable standards and regulatory requirements, particularly within healthcare, insurance and automotive business lines.

• Support third-party risk assessments by applying defined risk scoring criteria based on inherent risk factors such as data sensitivity, system access, and business criticality. Maintain assessment records and support follow-up on remediation actions with vendors and internal stakeholders.