Senior Information Security Governance and Risk Specialist

Key Roles & Responsibilities

1. Application Security Governance

Develop and enforce security policies, SSDLC frameworks, and threat models. Define and review security requirements, metrics, and architectures. Oversee security testing (SAST, DAST, IAST).

2. Cloud Security (Microsoft Azure)

Implement and manage Azure security controls (Security Center, Sentinel, Defender). Strengthen IAM (Azure AD), encryption, and data protection. Conduct Azure security assessments, baselines, and secure migrations.

3. Information Security Risk Management

Perform IT and application risk assessments, maintain risk registers, and track remediation. Facilitate risk workshops and control effectiveness reviews. Support enterprise risk and compliance reporting.

4. ISO 27001 Implementation & Auditing

Support ISMS implementation, audits, and corrective actions. Maintain documentation and evidence for compliance.

5. UAE IA Compliance

Ensure adherence to UAE IA standards for applications and cloud environments. Conduct compliance reviews and liaise with regulators.

6. AI Security & Governance

Establish AI/ML security frameworks and conduct model risk assessments. Implement privacy, integrity, and adversarial defense controls. Ensure ethical and regulatory AI compliance.

7. Vendor Risk Management

Assess and monitor security posture of vendors (SaaS, PaaS, IaaS). Review contracts, SLAs, and certifications.

8. Security Awareness & Training

Deliver developer-focused security training and awareness sessions. Promote secure coding and maintain security knowledge resources.

Qualifications & Experience

· Minimum 5+ years in information security with focus on application security, cloud security, and risk management.

· Expert knowledge of application security principles and OWASP Top 10.

· Deep understanding of Microsoft Azure security services and Microsoft 365 E5 security features.

· Proficiency in application security testing tools and methodologies.

· Strong knowledge of cloud security architecture (Azure, multi-cloud awareness).

· Understanding of DevSecOps practices and secure coding across multiple languages.

· Experience with API security, microservices security, and container security (Docker, Kubernetes).

· Knowledge of UAE IA Standards and ISO 27001/27002 compliance.

· Fluent in Arabic and English (written and verbal) – Mandatory.

· Strong communication skills with both technical and business stakeholders.

· Analytical thinking and problem-solving abilities.

· Ability to collaborate effectively with development and operations teams.

· Excellent documentation, reporting, and knowledge-sharing skills.

· Cultural sensitivity to the UAE business environment.

Professional Certifications (Minimum 4 required, ISO 27001 LA/LI mandatory):

o ISO 27001 Lead Auditor (LA) – Mandatory

o ISO 27001 Lead Implementer (LI) – Mandatory

o CISSP, CISM, CCSP, CSSLP, CEH, or CRISC – preferred

o Microsoft Certified: Azure Security Engineer Associate – preferred

Position Overview

We are seeking a mid-to-senior level Information Security Governance and Risk Specialist with expertise in application security governance, cloud security implementation, risk management, and compliance. The ideal candidate will have a strong focus on Microsoft environments and ISO 27001 standards, supporting secure software development, cloud adoption, regulatory compliance, and emerging AI security initiatives.