Information Security, Senior Analyst
M42 Health · Abu Dabi, Abu Dhabi, Emiratos Árabes Unidos
Overview M42 is a global health champion powered by artificial intelligence (AI), technology and genomics to advance innovation in health for people and the planet. Headquartered in Abu Dhabi, M42 combines its specialized, state-of-the-art facilities with integrated health solutions like genomics and biobanks, and harnesses advanced technologies to deliver precise, preventive and predictive care, to disrupt traditional healthcare models and positively impact lives globally.
The role is responsible for developing, implementing, and maintaining an Information Security Framework, including policies, standards, and processes aligned with international best practices and regulatory requirements. The position plays a critical role in managing information security risks, ensuring regulatory compliance, overseeing security projects, responding to incidents, and strengthening security awareness across the organization. The role will also evaluate and supervise information security controls, develop security metrics, and build strong relationships with internal and external stakeholders to support M42’s healthcare objectives.
Responsibilities
- Develop, implement, and maintain an enterprise-wide Information Security Framework aligned with international standards (e.g., ISO 27001, ISO 27701, HIPAA) and regulatory requirements (e.g., ADHICS, ADGM, GDPR, NESA).
- Define and execute the information security and compliance strategy in alignment with M42 objectives, recommending appropriate controls, tools, and technologies.
- Establish and operate a healthcare-focused information security risk management framework aligned with M42 enterprise risk management practices.
- Conduct technology risk assessments for new business initiatives and IT projects, including driving Risk Control Self-Assessments (RCSA).
- Ensure appropriate management visibility of security risks, including impact, mitigation plans, and associated costs.
- Perform regulatory gap analysis, industry benchmarking, and control maturity assessments to identify improvement opportunities.
- Develop, monitor, and report information security and IT risk metrics, including KRIs and KPIs.
- Lead the planning and delivery of information security initiatives and projects in line with regulatory and business requirements.
- Investigate, manage, and respond to information security and data privacy incidents, including maintaining and testing the incident response plan.
- Oversee the implementation, monitoring, and effectiveness of information security and IT controls across the healthcare environment.
- Coordinate with IT GRC, internal audit, and external audit teams to implement regulatory and audit recommendations.
- Manage regulatory submissions (including ADHICS) and remediate identified compliance gaps.
- Direct internal teams and external service providers to ensure the protection of information assets and adherence to security policies and standards.
- Build strong relationships with key stakeholders across M42 IT and Healthcare functions and represent Information Security in internal and external audits.
Qualifications
- Bachelor’s or Master’s degree in IT, Computer Science, Software Engineering, or a related field.
- 5-10 years of professional experience in Information Security, with a minimum of 5 years within the healthcare industry.
- Proven experience in information security governance, risk management, compliance, and security operations.
- Strong knowledge of healthcare and data protection regulations (e.g., ADHICS, HIPAA, GDPR, HITRUST, DOH).
- Hands-on experience conducting technology risk assessments and Risk Control Self-Assessments (RCSA).
- Solid understanding of international security standards and frameworks (e.g., ISO 27001, ISO 27701).
- Experience working with cloud security architectures and cloud service models.
- Excellent written and verbal communication skills, with the ability to explain security and risk concepts to technical and non-technical audiences.
- Strong stakeholder management skills, including engagement with senior leadership, auditors, and regulators.
- Relevant industry certifications such as CISA, CISM, CISSP, CCSP, or cloud security certifications (Azure/AWS).
- Experience working in the UAE or similar regulated healthcare environments (preferred).
- ITIL v4 certification (preferred).
Sobre el empleador
M42 is an Abu Dhabi-based, global tech-enabled healthcare company operating at the forefront of medical advancement. The company is seeking to transform lives through innovative clinical solutions that can solve the world’s most critical health and diagnostic challenges. By harnessing unique medical and data-centric technologies, including genomics and AI, M42 is transforming the traditional healthcare ecosystem and delivering the highest level of precise, patient-centric, and preventative care. M42 has over 20,000 employees and more than 450 facilities in 26 countries around the world. M42 owns a wide portfolio of assets that includes Amana Healthcare, Biogenix Labs, Danat Al Emarat, Diaverum, HealthPoint Hospital, the HealthPlus network of specialty centers, Moorfields Eye Hospital Abu Dhabi, Imperial College London Diabetes Centre, Insights Research Organization & Solutions (IROS), Omics Center of Excellence and National Reference Laboratory, among others.
Empleos relacionados
- SOC LeadDynamed Healthcare Solutions · Abu Dabi, Emiratos Árabes Unidos
- Network EngineerAl Salama Hospital · Yeda, Arabia Saudí
- IT SpecialistFakeeh Care Group · Yeda, Arabia Saudí
- Installation & Upgrade SpecialistGE HealthCare · Riyadh Region, Arabia Saudí
- Information Technology, Web Developer, Graphic DesignerMagenta Investments · Dubái, Emiratos Árabes Unidos
- IT Specialist - Healthcare & AestheticsSeline Clinic Dubai · Dubái, Emiratos Árabes Unidos