Overview:
Space42 (ADX: SPACE42) is a UAE-based AI-powered SpaceTech company that integrates satellite communications, geospatial analytics and artificial intelligence capabilities to enlighten the Earth from space. Established in 2024 following the successful merger between Bayanat and Yahsat, Space42's global reach allows it to address the rapidly evolving needs of its customers in governments, enterprises, and communities. Space42 comprises two business units: Yahsat Space Services and Bayanat Smart Solutions. The Yahsat Space Services unit focuses on upstream satellite operations for both fixed and mobility satellite solutions. The Bayanat Smart Solutions unit integrates geospatial data acquisition and processing with AI to inform decision-making, enhance situational awareness, and improve operational efficiency. Space42's major shareholders include G42, Mubadala and IHC.

Our vision is to pioneer beyond today for humanity to experience a better tomorrow. Space42 challenges traditional approaches with advanced AI and cutting-edge satellite technology, making space more accessible and redefining how data from space can be used on Earth. We aim to achieve this by connecting people to rewire potential, informing decisions to reimagine impact and enabling action to redefine tomorrow. We are guided by our core principles: we have foresight and are reshaping the status quo with a view of the future and beyond; we fuel change by going beyond words, rolling up our sleeves and building things that have never been built before; we bring our finest to go beyond good, to bring the best in class in every offering through our people, partners and providers.

For more information, visit www.space42.ai; follow us on X @Space42ai, Instagram @Space42ai

ROLE PURPOSE
The Information Security Risk & Compliance Specialist will be responsible for ensuring the organization's adherence to information security protocols, vendor risk management, and regulatory compliance requirements. This role will involve collaborating with internal teams, external vendors, and regulatory bodies to mitigate risks, manage compliance audits, and maintain the security posture of the company's IT infrastructure and third-party relationships.

Responsibilities:
Vendor Risk Management
Establish the end-to-end Information Security Vendor Risk Management framework for Space42 to understand the risk environment and operate within the agreed risk appetite.
Manage and assess the risks associated with third-party vendors, ensuring that vendor practices comply with security and compliance standards.
Conduct vendor risk assessments, including evaluating vendors' security posture, compliance status, and data protection policies.
Develop and maintain a vendor risk management program to identify, assess, and mitigate risks related to third-party partnerships.
Collaborate with procurement and legal teams to ensure that all third-party contracts include necessary security and compliance clauses.
Monitor ongoing vendor relationships to ensure continuous compliance with security standards.
Compliance Management
Implement the compliance framework aligned with legal requirements, corporate policies, and local and international standards that affect the business environment where Space42 operates.
Ensure compliance with Intellectual Property Rights (e.g. software license agreements) and export control requirements.
Ensure compliance with relevant industry regulations and standards such as ISO 27001, ISO 27701, UAE IA, KSA CRF, PCI-DSS etc.
Plan and conduct periodic internal audits to verify and report the effectiveness of the implementation of the Information Security Regulation.
Conduct periodic reviews or audits to verify Cloud Service Providers' (CSPs) compliance with the applicable security policies and contractual requirements.
Log, maintain and periodically review logical and physical access control lists.
Support the preparation and coordination of regulatory audits and assessments.
Develop compliance management processes
Conduct periodic reviews to verify compliance of the implemented control framework.
Conduct periodic security awareness surveys/tests to measure the effectiveness of security training and the awareness level of all employees and applicable external parties (e.g. social engineering assessments or phishing assessments).
Develop security training and awareness processes for various audiences.
Develop, implement and assess security awareness campaigns that educate users on information security policies, cover business operations security risk and focus on reducing possible risks.
Document and report compliance status, findings, and remediation efforts to senior management.
Qualifications:
Bachelor's degree in Information Security, Information Technology or a related field.
4+ years of proven experience in information security, vendor risk management, and regulatory compliance.
Strong knowledge of security frameworks/standards (e.g., NIST, ISO 27001) and regulatory requirements (e.g., UAE IA, KSA CRF, GDPR, UAE PDPL etc.).
Relevant certifications such as ISO 27001 LA/LI, CISSP, CISA, CISM, CRISC, or equivalent are highly preferred.
Experience conducting risk assessments and audits.
Excellent communication skills, with the ability to interact with both technical and non-technical stakeholders.
Excellent data analysis skills.