
M42
Senior Analyst – Information Security
- Permanent
- Abu Dhabi, United Arab Emirates
- Experience 5 - 10 yrs
Job expiry date: 30/03/2026
Job overview
- Date posted: 13/02/2026
- Location: Abu Dhabi, United Arab Emirates
- Salary: AED 20,000 - 30,000 per month
- Compensation: Comprehensive package
- Experience: 5 - 10 yrs
- Seniority: Senior & Lead
- Qualification: Bachelor's degree
- Expiration date: 30/03/2026
Job description
The Senior Analyst – Information Security at M42 plays a critical role in safeguarding healthcare information assets by developing, implementing, and maintaining a comprehensive Information Security Framework aligned with international standards and regional regulatory requirements. Operating within a highly regulated healthcare and life sciences environment, the role supports the protection of sensitive genomic, clinical, and population health data across national programs and global initiatives. The incumbent is responsible for establishing enterprise-wide governance, risk, and compliance (GRC) processes, conducting technology risk assessments, managing RCSA activities, and ensuring alignment with frameworks such as ISO 27001, ISO 27701, HIPAA, GDPR, ADHICS, ADGM, and NESA. The role also oversees security metrics, regulatory submissions, third-party risk assessments, and incident response management to ensure resilience against evolving cyber threats. Working closely with IT, Compliance, Internal and External Audit, and healthcare stakeholders, the Senior Analyst provides leadership in regulatory gap analysis, control effectiveness assessments, and audit remediation activities. The position demands deep expertise in healthcare cybersecurity, cloud security practices, and operational risk management, combined with strong analytical, communication, and stakeholder engagement capabilities to translate complex security risks into actionable insights for senior leadership.
Key responsibilities
- Develop, implement, and maintain an enterprise-wide Information Security Framework aligned with ISO 27001, ISO 27701, HIPAA, ADHICS, GDPR, and related standards
- Define and execute an information security and compliance strategy aligned with organizational objectives
- Establish and manage a healthcare-focused information security risk management framework aligned with enterprise risk practices
- Conduct technology risk assessments and lead RCSA activities for new IT initiatives and digital transformation projects
- Provide management-level visibility of security risks, mitigation strategies, and associated financial or operational impacts
- Perform regulatory gap analysis, industry benchmarking, and control maturity assessments to drive continuous improvement
- Develop, monitor, and report KRIs and KPIs to support informed risk and compliance decision-making
- Lead and support security initiatives, ensuring alignment with regulatory, legal, and business requirements
- Manage and respond to information security and data privacy incidents, maintaining and testing incident response plans
- Oversee evaluation and effectiveness of IT and information security controls across healthcare systems
- Coordinate with IT GRC, Internal Audit, External Audit, and Compliance teams to implement audit findings and recommendations
- Manage regulatory submissions, including quarterly ADHICS submissions, and address compliance gaps
- Assess and manage third-party and supplier security risks to protect data integrity and service continuity
- Deliver security awareness training and promote adherence to policies and best practices
- Build strong relationships with internal stakeholders and represent Information Security in audits and regulatory engagements
Experience & skills
- 5–10 years of experience in Information Security, with at least 5 years in healthcare or life sciences environments
- Strong experience in technology risk assessments, RCSA, and managing security risks in regulated industries
- Deep knowledge of ADHICS, HIPAA, GDPR, HITRUST, DOH, FDA, CE, and international information security standards
- Strong understanding of cloud security practices and service models (AWS, Azure)
- Experience in IT governance, operational risk management, and secure software development practices
- Excellent communication skills with the ability to engage senior leadership and translate technical risks into business language
- Strong analytical, problem-solving, and stakeholder management capabilities
- Fluent in written and spoken English
- Professional certifications such as CISA, CISM, CISSP, CCSP, AWS/Azure Architect, or ITIL v4 preferred