IS Analyst - Data Security and Access Governance

IS Analyst - Data Security and Access GovernanceLocation: United Arab Emirates (Abu Dhabi)Job DescriptionRole: IS Analyst - Data Security and Access GovernanceRole Purpose: To support Access Governance and Data Security Governance functions under the Group Information Security Department. This role will be key in performing timely access reviews and data security assessments which will help improve the bank’s security posture.Key AccountabilitiesPerform access reviews on business application access, infrastructure application access, or any other special access provided to users.Ensure access governance policies are applied across all access provided to staff throughout the organization, including business and infrastructure applications.Perform ad‑hoc access reviews on applications based on identified risk escalations.Review application matrices for business departments and highlight any unauthorized or risky access based on the principles of least privilege and segregation of duties.Coordinate with business units, HR, and ICD to identify unauthorized access and take necessary remediation actions.Govern privileged access provided to staff.Assess exceptions to the approved access matrix and highlight any identified risks.Govern the IDAM solution and ensure access governance policies on IDAM workflows.Govern the PAM solution and ensure access governance policies on PAM workflows.Support and contribute to the bank‑wide data classification exercise for the entire bank.Develop and maintain DLP policies, rules, and exceptions.Periodically review data protection policies.Maintain updated data registers and assist in implementing DLP rules for completed data registers.Create data flow maps from data registers.Report timely KPI and KRI related to data security and access governance.Participate in information security programs and projects.Support information security compliance assessments, audits, gap analyses, and remediation related to data security and access governance.Specialist Skills / Technical KnowledgeKnowledge of Identify and Access Management solutions and methodologies.Knowledge of privileged management solutions and DLP solutions, preferably Forcepoint or Microsoft Purview.Knowledge of information security & control frameworks, regulations, international standards, and best practices.Experience in managing policy exceptions, including working directly with teams to document exceptions, identify compensating controls, and remediation action plans.Ability to work independently without detailed guidance.At least one security, risk, or IT certification held or in process (e.g., CISSP, ITIL, CISM, ISO 27001, Security+).Bachelor’s degree in computer science or information security from an accredited 4‑year university (Master’s degree preferred).#J-18808-Ljbffr