Information Security Analyst - Governance Risk and Compliance
Established in the 1930s as a trading business, Al-Futtaim is one of the most progressive regional family business houses headquartered in Dubai, United Arab Emirates.
Job Snapshot
Role: Information Security Analyst - Governance Risk and Compliance
Location: Dubai, UAE
Industry: Information Technology
Function: Information Security
Experience: 4-5 years
Job Type: Full-time
Position Overview
Al-Futtaim Group is hiring an Information Security Analyst - Governance Risk and Compliance in Dubai, UAE, within the Information Technology sector, for professionals with strong cybersecurity governance and compliance expertise. The Group is seeking a detail-oriented Information Security Analyst to support the CISO office by managing digital risk activities, compliance monitoring, audit readiness, and cybersecurity governance while strengthening enterprise-wide security posture across regulated business divisions.
Job Details
Country: UAE
City: Dubai
Industry: Information Technology
Function: Information Security
Salary: 16000-24000
Estimated salary range based on similar jobs in Dubai; please confirm the final offer with the employer.
Gender: Any
Candidate Nationality: Any
Job Type: Full-time
Position Overview
The Information Security Analyst supports the day-to-day operations of the Information Security function within the CISO office by combining operational security activities with Governance, Risk, and Compliance responsibilities. This role helps protect enterprise digital assets by managing cyber risk assessments, regulatory compliance, audit coordination, and third-party risk activities across multiple business lines including healthcare, insurance, and automotive.
Key Responsibilities
* Support implementation and continuous operation of digital risk management activities to identify, assess, and mitigate cybersecurity risks
* Maintain and apply digital risk management frameworks aligned with standards such as NIST, COBIT, and ISO/IEC 27001
* Support periodic security risk reviews, control evaluations, and risk register maintenance across enterprise operations
* Monitor compliance with cybersecurity and privacy regulations including ADHICS, CBUAE-IA, PCI-DSS, ISO/IEC 27001, ISO/IEC 27701, ISO 22301, and ISO 28000
* Assist with gap assessments, compliance tracking, remediation documentation, and closure of regulatory and audit findings
* Coordinate with IT, legal, compliance, and business teams to support security assessments and remediation activities
* Support execution of security awareness campaigns through newsletters, posters, emails, and internal communication channels
* Assist with simulated phishing exercises, reporting, awareness follow-up, and employee security education
* Prepare and maintain documentation related to security assessments, compliance reviews, audit evidence, and control effectiveness
* Provide operational support during internal and external audits and regulatory inspections by coordinating evidence and action tracking
* Support third-party risk assessments using defined scoring criteria and vendor risk evaluation processes
* Maintain audit-ready compliance records and support timely remediation follow-up with vendors and internal stakeholders
Ideal Profile
* Bachelor’s degree in Information Technology, Computer Applications, Cybersecurity, or related discipline
* Minimum 4 to 5 years of experience in Security Risk and Governance within customer-facing or enterprise environments
* Practical experience in information security governance, risk, and compliance including risk assessments and compliance reviews
* Strong working knowledge of ISO/IEC 27001, NIST, COBIT, PCI-DSS, and related cybersecurity frameworks
* Familiarity with UAE regulatory standards such as ADHICS and CBUAE-IA and experience supporting compliance activities
* Experience supporting third-party risk assessments, vendor risk scoring, and remediation follow-up
* Strong analytical, documentation, and reporting skills with audit-ready discipline
* Ability to manage multiple priorities while maintaining confidentiality and operational accuracy
* Professional certifications such as ISO 27001 Lead Implementer, Lead Auditor, CRISC, or CISM are preferred
Skills Set
* Cybersecurity governance and compliance
* Information security risk management
* Digital risk assessments
* Audit coordination and evidence management
* Regulatory compliance monitoring
* Third-party risk assessment
* ISO 27001 and NIST framework support
* Security awareness program execution
* Phishing simulation monitoring
* Compliance reporting and remediation tracking
Why Join Us
* Work directly within the CISO office of one of the UAE’s leading diversified business groups
* Gain exposure across highly regulated industries including healthcare, insurance, and automotive
* Build strong expertise in cybersecurity governance, audits, and enterprise risk management
* Collaborate with senior leadership, auditors, and cross-functional business teams
* Access strong career development opportunities within Al-Futtaim’s digital and security functions
* Competitive salary package with excellent employee benefits and long-term stability
* Join a values-driven organization focused on resilience, compliance, and digital transformation
About the Company
Al-Futtaim Group is one of the UAE’s most respected diversified business groups, operating across automotive, retail, healthcare, financial services, real estate, and technology. With a strong commitment to innovation, governance, and operational excellence, Al-Futtaim continues to strengthen its digital security landscape while delivering trusted services across the Middle East, Asia, and Africa.



