Senior Information Security Specialist

Keolis

Dubai

On-site

AED 120,000 - 200,000

Full time

13 days ago

Job summary

A leading company in Dubai seeks a Senior Information Security Specialist to enhance their information security governance and compliance frameworks. The role involves close collaboration with internal and external parties to ensure audit readiness and adherence to cybersecurity standards. Ideal candidates will have at least 5 years of relevant experience and a strong educational background in computer science or information management.

Qualifications

  • 5+ years in information security, compliance, or data privacy roles.
  • Expertise in compliance frameworks implementation and maintenance.
  • Experience with international cyber security standards like ISO 27001 and GDPR.

Responsibilities

  • Support the implementation of information security governance frameworks.
  • Conduct compliance audits and privacy impact assessments.
  • Deliver training on cybersecurity and data protection.

Skills

Communication
Risk Management
Data Protection
Regulatory Compliance

Education

Bachelor's degree in Computer Science or Information Management
Cybersecurity certification (CC) or Lead Auditor ISO 27001
Master's degree in Information Security or IT

Job description

Senior Information Security Specialist Keolis


This key role supports the implementation and continuous improvement of information security governance, risk management, and compliance (GRC) frameworks across IT and Rail Operational Technology (OT) environments. You will also support privacy programmes and ensure alignment with relevant cybersecurity and data protection regulations. Acting as the primary GRC advisor in the absence of the Head of Cyber Security, you will work closely with internal teams and external auditors to maintain audit readiness and demonstrate compliance with applicable laws, standards, and client requirements.
Main Responsibilities:
Strategic
• Support the implementation and enhancement of GRC frameworks for IT and Rail OT systems.
• Ensure compliance with international standards such as ISO/IEC 27001 and local data protection laws.
• Conduct risk assessments and contribute to enterprise risk management planning.
• Advise on policy improvements and lead the development of security documentation.
Financial
• Contribute to the planning and budgeting of compliance-related initiatives and assessments.
• Ensure that audit and risk-related activities are completed within agreed resources.
Stakeholder / Customer
• Act as a liaison with internal stakeholders, external auditors, and client representatives for GRC-related topics.
• Provide input into audit responses, compliance reviews, and external reporting.
• Collaborate with cybersecurity, legal, IT, and operational teams to ensure integrated compliance efforts.
Operational
• Conduct compliance audits, gap analyses, and privacy impact assessments.
• Monitor implementation of corrective actions from internal/external audits.
• Support the execution of the Cyber Security Management Plan, especially in governance areas.
• Ensure alignment of cybersecurity incident processes with regulatory requirements.
Capability / People
• Deliver training and awareness sessions on cybersecurity, compliance, and data protection.
• Promote a strong culture of risk awareness, data protection, and regulatory compliance.
• Support the Head of Cyber Security in developing audit readiness and internal review capabilities.
MINIMUM QUALIFICATIONS
Min. Required / Desirable
Education
• Bachelor's degree in computer science, Information Management, or equivalent
• Certified in Cybersecurity (CC) certification or Lead Auditor ISO 27001
• Master's degree in information security, Information technology, or related fields.
• Certifications in advanced Information security areas like CISA, CRISC, or CISSP
Experience
• 5+ years of experience in information security, compliance, or data privacy roles.
• Demonstrated expertise in implementing and maintaining compliance frameworks.
• Experience working in regulated environments, preferably in critical infrastructure.
• Experience with international cyber security standards and frameworks beyond ISO 27001, such as ISO 27701, NIST, IEC 62443, and GDPR compliance.
Skills / Training
• Exceptional written and oral communication skills
• Strong understanding of legislation and regulations
• Ability to assess and manage data protection risks effectively
• Ability to conduct training and awareness sessions effectively.
• Advanced training in risk management
• Excellent knowledge of data protection laws and regulations, including UAE Law No. 45 of 2021.
