{bc}
linkedin

Cybersecurity & Compliance Specialist

Salvone Technology Solutions DMCC
Dubai, UAE
Full Time
Mid
1 months ago
Vulnerability ManagementISO 27001Cyber Essentials PlusNHS DSPTUK GDPRSIEM (Wazuh)
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Vulnerability ManagementISO 27001Cyber Essentials Plus
Smart Apply

Full Job Posting

About Salvone

  • Salvone Technology Solutions is the technology arm of a leading UK healthcare provider.
  • We design and operate platforms, ERP, integrations, analytics, and workforce systems for hospitals, residential homes, supported living, and nursing services.

Role Purpose

  • You will own the day to day security posture of our estate and drive certifications and data protection obligations.
  • This is a hands on specialist role working closely with development and enterprise applications teams.

Security Operations & Posture

  • Run vulnerability management end to end: scanning, triage, remediation tracking, and verification.
  • Oversee patch compliance and hardening baselines across cloud, servers, and endpoints.
  • Monitor security events and alerts through our SIEM (Wazuh), investigate anomalies, and tune detection.
  • Maintain endpoint protection coverage and review logs for early signs of compromise.
  • Track and reduce security debt with clear owners and dates.

Compliance & Certifications

  • Drive the ISO 27001 programme day to day: maintain the ISMS, implement and evidence controls, and prepare for audits.
  • Deliver Cyber Essentials Plus and the NHS DSPT submission, keeping evidence current year round.
  • Assemble and maintain NHS DTAC assessment packs for our platforms.
  • Maintain a single, audit ready control and evidence library; run and improve compliance tooling.

Data Protection (UK GDPR / DPA 2018)

  • Maintain the Record of Processing Activities (ROPA) and data retention schedules.
  • Run Data Protection Impact Assessments (DPIAs) for new systems and data flows.
  • Operate the data subject request and breach processes, including ICO notification timelines.
  • Support our obligations as a data processor to our clients.

Identity, Access & Resilience

  • Run quarterly access reviews and enforce least privilege across systems.
  • Apply a security lens to joiner/mover/leaver and secrets hygiene.
  • Maintain incident response runbooks, run tabletop drills, and lead post incident reviews.
  • Verify backups and recovery from a security standpoint.

Vendor Security & Awareness

  • Complete inbound client security questionnaires and run outbound supplier security reviews.
  • Run security awareness training and phishing simulations, and write policies.

Required Qualifications

  • 2–4 years in a cybersecurity, GRC, or security focused IT role.
  • Hands on contribution to at least one compliance framework — ISO 27001, Cyber Essentials, SOC 2, or NHS DSPT.
  • Working knowledge of UK GDPR / Data Protection Act 2018 in practice.
  • Familiarity with cloud security (AWS preferred): IAM, security groups, GuardDuty, Config, and logging.
  • Microsoft 365 / Entra ID security: conditional access, MFA, and Secure Score.
  • Exposure to vulnerability management and SIEM tooling (Wazuh, Sentinel, Splunk, or similar).
  • Scripting for automation: Python, Bash, or PowerShell.
  • Strong documentation discipline.
  • Clear written and spoken English.

Desirable Skills

  • ISO 27001 Lead Implementer or Lead Auditor certification; Cyber Essentials assessor experience.
  • NHS DTAC, DSPT, or clinical safety exposure (DCB0129 / DCB0160).
  • Security certifications: CompTIA Security+, SSCP, AZ 500, AWS Security Specialty, CEH, or working towards CISSP.
  • Compliance automation tooling (Vanta, Drata, or similar).
  • Experience in a regulated industry — healthcare, finance, or public sector.
  • Penetration testing fundamentals and a solid grasp of OWASP.
  • Container and image scanning; zero trust networking (Tailscale or similar).
  • Healthcare integration or data context (HL7, FHIR, Mirth).

What We’re Looking For

  • Methodical, evidence driven, and pragmatic about risk.
  • Ownership mentality: see a gap, log it, close it, evidence it.
  • Pragmatism: distinguish real risk from theoretical.
  • Documentation discipline: policies, runbooks, and evidence kept current.
  • Calm under pressure; some work runs 24/7 in clinical settings.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Salvone Technology Solutions DMCC