Senior CyberSecurity Compliance Analyst
  • United Arab Emirates Dubai
  • The Emirates Group
1 year before
31.12.2023
Oversee and Govern
Cybersecurity Management
Job Description

Job Purpose
The senior analyst is an experienced regulatory compliance analyst with a background in cybersecurity. Their primary responsibility is to plan and lead the execution of risk assessments, compliance reviews and vulnerability assessments, and to measure compliance against EU-GDPR, UK DPA and PCI-DSS standards. The senior analyst's work output also supports continuous review of, and compliance with, internal policies and standards.

Job Outline:
- Assess risk and conduct root cause analysis to recommend, implement and/or design new features and functionalities to support compliance initiatives.
- Manage implementation of any new compliance requirements for existing or new needs.
- Manage all evidence collection activities relating to compliance.
- Coordinate with all business units and the enterprise to obtain and validate evidence required for compliance and assessments.
- Incrementally improve the evidence collection process and streamline evidence collection procedures.
- Regularly communicate PCI DSS and EU-GDPR requirements, and the status of PCI DSS and EU-GDPR compliance, to IT, the Data Privacy Office, business units, and enterprise executives, management, and liaisons.
- Communicate regularly with assessors and adjust the compliance program as needed.
- Coordinate with company and vendor SMEs to ensure adherence to program requirements.
- Manage the relationship of compliance needs in conjunction with the needs of the other cyber departments.
- Challenge and validate assessment decisions from both internal business units and external partners/vendors.
Qualifications & Experience
Information Technology.Other : 5+ Years

Degree or Honours (12+3 or equivalent) :

Degree in a subject relevant to IT.
- ISA certification/designation with a previous PCI DSS compliant entity, PCIP or QPASP certification.
- Certified IAPP/CIPP.
- Experience in managing or assessing successful/compliant PCI DSS program(s).
- Minimum seven (7) years of relevant experience (information security, audit, compliance, risk management)
- Candidates with experience in a Level-1 Merchant or significant global business are preferred.
Knowledge/skills:
- Working knowledge of UK and EU data protection legislation (including DPA and GDPR)
- Data Discovery and Data Flow Mapping
- Data quality and data cleansing techniques
- Business Risk Management
- IT Audit and Information Security Management Systems
Leadership Role : NO
Salary & Benefits
Join us in Dubai and enjoy an attractive tax-free salary and travel benefits that are exclusive to our industry, including discounts on flights and hotel stays around the world. You can find out more information about our employee benefits in the Working Here section of our website www.emirates.com/careers. Further information on what it's like to live and work in our cosmopolitan home city can be found in the Dubai Lifestyle section.


Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0008   Knowledge of applicable business processes and operations of customer organizations.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0149   Knowledge of organization's risk tolerance and/or risk management approach.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0018   Skill in creating policies that reflect system security objectives.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0086   Skill in evaluating the trustworthiness of the supplier and/or product.

Required Abilities
  • A0161  Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).