Abu Dhabi Islamic Bank
IS Analyst - Data Security and Access Governance
- Permanent
- Abu Dhabi, United Arab Emirates
- Experience 2 - 5 yrs
Job expiry date: 27/05/2026
Job overview
Date posted
12/04/2026
Location
Abu Dhabi, United Arab Emirates
Salary
AED 15,000 - 20,000 per month
Compensation
Job description
The IS Analyst - Data Security and Access Governance role within the Group Information Security Department supports Access Governance and Data Security Governance functions for the bank, focusing on improving overall security posture through timely access reviews and data security assessments. The role involves performing access reviews on business application access, infrastructure application access, and special user access, ensuring access governance policies are applied across all staff access within business and infrastructure applications. The position requires reviewing application access matrices, identifying unauthorized or risky access based on least privilege principle and segregation of duties, coordinating with business units, HR department and ICD for remediation, and governing privileged access. The analyst governs Identity and Access Management (IDAM) solutions and Privileged Access Management (PAM) solutions, ensuring access governance policies across workflows. The role also supports bank-wide data classification exercises, develops and maintains Data Loss Prevention (DLP) policies, rules, and exceptions, conducts periodic review of data protection policies, maintains updated data registers, implements DLP rules, and creates data flow maps. Additional responsibilities include KPI and KRI reporting related to data security and access governance, participation in information security programs and projects, and supporting compliance assessments, audits, gap analyses, and remediation activities. The role requires knowledge of Identity and Access Management solutions and methodologies, privileged management solutions, DLP solutions such as Forcepoint or Microsoft Purview, information security frameworks, regulations, international standards, and best practices, as well as experience managing policy exceptions, documenting exceptions, identifying compensating controls, and implementing remediation action plans. The candidate must hold or be pursuing certifications such as CISSP, ITIL, CISM, ISO 27001, or Security+ and possess a Bachelorās degree in computer science or information security from an accredited 4-year university, with a Masterās degree preferred.
Required skills
Key responsibilities
- Perform periodic access reviews on business applications, infrastructure applications, and special access accounts while ensuring compliance with access governance policies across all user access within the organization including staff, privileged users, and exception-based access
- Review application access matrices for business departments, identify unauthorized or risky access, enforce least privilege principle and segregation of duties, and escalate risks while coordinating remediation activities with business units, HR department, and ICD
- Govern privileged access management by reviewing privileged accounts, monitoring special access permissions, validating approval workflows, and ensuring compliance with access governance policies across PAM and IDAM solutions
- Perform ad-hoc access reviews based on risk escalations, investigate policy exceptions, document findings, identify compensating controls, and implement remediation action plans in coordination with stakeholders
- Support bank-wide data classification initiatives, maintain data registers, implement DLP rules, develop DLP policies, rules, and exceptions using solutions such as Forcepoint or Microsoft Purview, and conduct periodic review of data protection policies
- Create data flow maps from data registers, analyze data movement across systems, identify data security risks, and recommend controls aligned with data security governance standards
- Prepare timely KPI and KRI reporting related to data security and access governance, track compliance metrics, monitor remediation progress, and present findings to information security management
- Participate in information security programs and projects, support compliance assessments, audits, gap analyses, remediation activities, and ensure alignment with information security frameworks, regulations, international standards, and best practices
Experience & skills
- Demonstrate knowledge of Identity and Access Management solutions, methodologies, and access governance controls including least privilege principle, segregation of duties, and privileged access governance
- Possess knowledge of privileged management solutions, Data Loss Prevention technologies, and DLP solutions such as Forcepoint or Microsoft Purview including policy configuration, exception management, and rule implementation
- Demonstrate understanding of information security and control frameworks, regulations, international standards, and best practices including ISO 27001 and enterprise security governance requirements
- Show experience managing policy exceptions, documenting risk exceptions, identifying compensating controls, and implementing remediation action plans with business stakeholders
- Hold at least one professional certification such as CISSP, ITIL, CISM, ISO 27001, or Security+ or be actively pursuing certification
- Possess Bachelorās degree in computer science or information security from an accredited 4-year university with Masterās degree preferred
- Demonstrate experience supporting audits, compliance assessments, gap analysis, and remediation related to data security and access governance
- Demonstrate capability to work independently on access governance, data security governance, IDAM, PAM, and DLP initiatives within enterprise banking environment