Information Technology Security Officer

Company Description

Kanad Hospital, established in 1960 as the first hospital in Abu Dhabi Emirate, is a not-for-profit healthcare institution renowned for its exceptional obstetrics and pediatric care. Committed to providing whole-person healthcare with love and compassion, Kanad Hospital follows the teachings of Jesus and aims to serve women, children, and their families in the community. The hospital has achieved JCI accreditation and is globally recognized for its innovative care programs, such as the treatment of Respiratory Distress Syndrome in newborns. Located in Al Ain, Kanad Hospital continues its mission to deliver quality healthcare while upholding its core values of love, integrity, service, and excellence.

Role Description

The Information Security & Data Protection Officer (IS/DPO) is responsible for overseeing Kanad Hospital’s information security, data protection, and privacy program in compliance with UAE laws, ADHICS standards, and international best practices. The role ensures lawful and secure processing of Personal Identifiable Information (PII) and Personal Health Information (PHI), implements privacy-by-design principles in clinical, administrative, and digital workflows, and leads key security projects including SOC, SIEM, and Data Loss Prevention (DLP) initiatives.

Essential Job Functions

• Develop, implement, and monitor a strategic, comprehensive data protection, enterprise information security, and IT risk management program aligned with ADHICS, UAE privacy laws, and international standards.
• Ensure no conflict of interest in execution of DPO duties and act as primary contact for data subjects and regulatory authorities.
• Maintain a data processing register and oversee Data Protection Impact Assessments (DPIA) for systems processing PII and PHI, including automated, profiling, or large-scale data processing.
• Implement and monitor mechanisms to support data subject rights:
• Access to PHI/PII processing information
• Data transfer to data subjects or other controllers in machine-readable format
• Correction or deletion of PII/PHI4.4.4.Restriction of processing and retention for legal claims.
• Objection to automated decisions and profiling outcomes
• Maintain records of disclosures and data sharing involving PII and PHI.
• Review and appropriately reject data subject requests when:
• Interferes with judicial investigations or public interest
• Deletion conflicts with legal requirements
• Restriction undermines information security protection efforts
• Violates others’ privacy or confidentiality
• Automated processing is covered by valid consent or legal basis
• Execute periodic and ad-hoc compliance checks, privacy audits, and cyber risk assessments.
• Recommend and implement remedial actions for security, privacy, and compliance gaps.
• Contribute to Risk Management Framework documentation and activities, including secure system lifecycle support and PHI handling.
• Participate in risk governance committees and report security and data protection risks to hospital leadership.
• Lead and monitor implementation of SOC, SIEM, and PHI monitoring systems to identify threats and unauthorized access.
• Oversee and enhance DLP governance for PHI/PII, including detection, prevention, and incident response controls.
• Conduct privacy and cyber security awareness training for clinical, frontline, and administrative staff.
• Collaborate with IT, clinical, and operational departments to ensure privacy-by-design in system rollouts, vendor assessments, and digital transformation projects.
• Investigate and coordinate responses to data breaches involving PII and PHI, ensuring timely notification and reporting.
• Act as liaison with legal counsel, regulatory authorities, and certification bodies regarding data protection and ADHICS assessments.
• Define and enforce security protocols, policies, and procedures, ensuring compliance with UAE regulations and international standards.

Qualifications

Bachelor’s Degree in Information Technology, Computer Science, or Cybersecurity. Diploma holders with strong relevant experience may be considered.

3–5 years of professional experience in Information Security. Minimum 2 years of hands-on experience with DLP and SOC/SIEM projects.

Salary range: 12 to 15KAED/month