{bc}
indeed

Cybersecurity & Compliance Specialist

Salvone Technology Solutions DMCC
Dubai, UAE
Freelance
Mid
Onsite
1 months ago
Vulnerability ManagementISO 27001Cyber EssentialsNHS DSPTUK GDPRSIEM
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Vulnerability ManagementISO 27001Cyber Essentials
Smart Apply

Full Job Posting

About Salvone

  • Salvone Technology Solutions is the technology arm of one of the leading UK healthcare providers across hospitals, residential homes, supported living, and nursing services.
  • We design and operate the platforms, ERP, integrations, analytics, and workforce systems that power operations, compliance, and care delivery across the group.
  • We are hiring a Cybersecurity & Compliance Specialist to be the hands on engine of our security and compliance programme.

Key Responsibilities

  • Run vulnerability management end to end: scanning, triage, remediation tracking, and verification with the infrastructure team.
  • Oversee patch compliance and hardening baselines across cloud, servers, and endpoints.
  • Monitor security events and alerts through our SIEM (Wazuh), investigate anomalies, and tune detection.
  • Maintain endpoint protection coverage and review logs for early signs of compromise.
  • Track and reduce security debt with clear owners and dates.
  • Drive the ISO 27001 programme day to day: maintain the ISMS, implement and evidence controls, and prepare for internal and external audits.
  • Deliver Cyber Essentials Plus and the NHS DSPT submission, keeping evidence current year round rather than scrambling at deadline.
  • Assemble and maintain NHS DTAC assessment packs for our platforms — clinical safety, data protection, technical security, interoperability, and usability.
  • Maintain a single, audit ready control and evidence library; run and improve compliance tooling (e.g. Vanta, Drata) where adopted.
  • Maintain the Record of Processing Activities (ROPA) and data retention schedules.
  • Run Data Protection Impact Assessments (DPIAs) for new systems and data flows.
  • Operate the data subject request and breach processes, including ICO notification timelines.

Required Qualifications

  • 2–4 years in a cybersecurity, GRC, or security focused IT role.
  • Hands on contribution to at least one compliance framework — ISO 27001, Cyber Essentials, SOC 2, or NHS DSPT.
  • Working knowledge of UK GDPR / Data Protection Act 2018 (or an equivalent data protection regime) in practice, not just theory.
  • Familiarity with cloud security (AWS preferred): IAM, security groups, GuardDuty, Config, and logging.
  • Microsoft 365 / Entra ID security: conditional access, MFA, and Secure Score.
  • Exposure to vulnerability management and SIEM tooling (Wazuh, Sentinel, Splunk, or similar).
  • Scripting for automation: Python, Bash, or PowerShell.
  • Strong documentation discipline. If it isn’t written down, it didn’t happen.
  • Clear written and spoken English; able to write a policy someone will actually read.

Desirable Skills

  • ISO 27001 Lead Implementer or Lead Auditor certification; Cyber Essentials assessor experience.
  • NHS DTAC, DSPT, or clinical safety exposure (DCB0129 / DCB0160).
  • Security certifications: CompTIA Security+, SSCP, AZ 500, AWS Security Specialty, CEH, or working towards CISSP.
  • Compliance automation tooling (Vanta, Drata, or similar).
  • Experience in a regulated industry — healthcare, finance, or public sector.
  • Penetration testing fundamentals and a solid grasp of OWASP.
  • Container and image scanning; zero trust networking (Tailscale or similar).
  • Healthcare integration or data context (HL7, FHIR, Mirth).

What We’re Looking For

  • Beyond the checklist, we value people who are methodical, evidence driven, and pragmatic about risk.
  • Ownership mentality: you see a gap, you log it, you close it, and you evidence it.
  • Pragmatism: you can tell a real risk from a theoretical one and prioritise accordingly.
  • Documentation discipline: policies, runbooks, and evidence kept current as a matter of habit.
  • Calm under pressure: some of what we protect runs 24/7 in clinical settings.

What Success Looks Like

  • By 90 days: A clear inventory of systems, data flows, identities, and secrets, with the riskiest gaps logged and owned.
  • By 90 days: ISO 27001 gap analysis supported and the evidence library structured.
  • By 90 days: ROPA started and the first DPIAs underway.
  • By 90 days: Early, visible posture wins shipped with the infrastructure team.
  • By 6 months: ISO 27001 certification achieved.
  • By 6 months: Cyber Essentials Plus passed, and DSPT submitted at 'Standards Met' or higher.
  • By 6 months: DTAC packs assembled and current for our in scope platforms.
  • By 6 months: Quarterly access reviews, incident drills, and supplier reviews running as routine.

Location

  • Dubai (Preferred)
  • Work Location: In person

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Salvone Technology Solutions DMCC