Senior Information Security Officer - Nakilat

Talent Pal

  • Doha, Qatar
  • Permanent
  • Full-time
  • 11 days ago
Job Summary and PurposeDrive a strong and robust Information Security Management System (ISMS) in the organization through threat/vulnerability detection, security scanning, penetration testing, security monitoring, vulnerability mitigations, threat mitigations, identifying IT/OT security risks and other related information security activities.Ensure adherence to the various information security standards, and standards and provide technical consultation on Information Security issues.AccountabilitiesKey Accountabilities:Information Security Management:1. Identify information security vulnerabilities and threats in the company IT/OT technology network and infrastructure using various techniques e.g., penetration testing and vulnerability assessment.
2. Collate information from the conducted assessments and recommend appropriate remedial steps.
3. Develop, review, improve, and update information security policies, procedures, guidelines, and other related documents.
4. Provide support to build the organization wide information security awareness and training programs. Contribute and provide content for awareness activities.
5. Monitor, evaluate and ensure the segregation of duties on all systems to mitigate the risk of unintentional and/or deliberate system misuse.
6. Ensure compliance with the applicable internal and international information security standards (e.g. NIA, ISO27001).
7. Monitor changes or updates in any applicable law, regulation or accreditation standards pertaining to Information Security, and ensure compliance as required.
8. Ensure appropriate administrative and technical safeguards are in place to protect information assets from internal and external threats. Coordinate physical safeguards for those assets in coordination with the General Services department.
9. Liaise and maintain contact with governmental authorities, regulatory bodies, security groups and industry forums in the field of Information Security.
10. Prepare security baselines and safeguard applications, operating systems, and infrastructure devices by adopting the latest standards.
11. Resolve information security issues and improve the Information Security performance by providing technical consultation in system development, acquisition, procurement, implementation, change management, operation/support and architectural and other ad-hoc projects.
12. Assist all organizational units in areas related to Information Security and follow the related processes to provide support.Accountabilities - 213. Work with the concerned parties on the Information Security incidents and vulnerability management processes from design to implementation and beyond.
14. Review technical information in the requirements statements, feasibility analysis, operating procedure manuals, and other documents produced in the process of system development.
15. Monitor and assess IT systems security, system audit trails/logs and the validity of system configurations whenever required.
16. Assist in vulnerability mitigation, e.g. through software/system patching through the IT department.
17. Assist in performing on-going security monitoring of information systems including assessing information security risk, conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
18. Evaluate and recommend new information security technologies and countermeasures against threats to information or privacy and develop security reports and dashboards.
19. Ensure identification, recording, reporting, and resolving any Information Security violations.
20. Support and assist the other activities linked with Enterprise Risk and Business Continuity Management such as Risk Assessments and Business Impact Analysis.
21. Support the development of the organization’s disaster recovery and business continuity plans for information security, and tests readiness.Generic Accountabilities:Quality, Health, Safety, & Environment (QHSE):
22. Adhere to all relevant QHSE policies, procedures, instructions, and controls so that NAKILAT provides a safe, world class, secure and environmentally responsible service to customers, the public and its own people.Policies, Systems, Processes & Procedures:
23. Implement approved policies, processes, and procedures, and provide instructions to subordinates to ensure their proper implementation.Others:
24. Carry out any other duties as directed by the immediate supervisor.Accountabilities - 3Accountabilities - 4CompetenciesInteractive CommunicationCollaboration & TeamworkDrive VisionSolution OrientedCustomer CentricityAchievement OrientedEmpower & Nurture TalentKey Result Areas
  • Contribute to the development and management of policies and procedures for the Information Security Management System.
  • Develop, coordinate and conduct organization wide information security awareness programs and trainings.
  • Prepare Information Security related risk assessments, reports and other relevant documentation.
  • Conduct the required activities to identify threats and vulnerabilities for IT and OT infrastructure.
  • Monitor various Information Security systems.
  • Drive the vulnerability patching.
Interactions and Working RelationsInternal: Interaction with all staff on information security activities such as data classification, access review, threats/vulnerabilities identification and mitigation, support and contribution to information security initiatives and projects.
External: Interface with vendors and external auditors and organizations for information security related mattersFinancial AuthoritiesAs per TOFA.Qualifications, Experience and Job SkillsQualifications:
  • Bachelor's Degree in Computer Science or any other equivalent field.
  • Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Certified ISO27001 Lead implementer are preferred.
  • Globally recognized credential certification is preferred in Information Security domain for example, CISM, ISO27001LA.
Experience:
  • Minimum of 4 years of Information Security experience.
  • IT background is preferred.
Job Specific Skills:
  • Ability to manage pressure, prioritize needs, requirements and positively interact with the company users and external parties.
  • Ability to trouble shoot and investigate information security incidents.
  • Knowledge of Information Security Management System (ISO 27001) and other Information Security framework (NIST).
  • Security related qualifications (e.g. CISSP, CISM, CEH, ISO 27001 LI/LA).
Job Specific Competencies:
ii. Technical8) Business /Industry Knowledge
9) Enterprise Risk Management
10) Business Risk
11) Risk Project Management
12) Business Continuity Management
13) Governance
14) Risk Management Methodology/Process
15) Risk Identification and Assessment
16) Business Impact Analysis
17) Risk Response & Reporting
18) Risk Mitigation & Control
19) Information Security ManagementSenior Information Security OfficerDepartment: Business Support ServicesCity: Ras LaffanJob Segment: Information Security, Security Guard, Security Officer, Testing, QA, Technology, Security, QualityThis job has been sourced from an external job board.
More jobs on https://www.qureos.com/

Talent Pal

Similar Jobs

  • Security Officer

    Hilton

    • Doha, Qatar
    A Security Officer patrols, monitors, and observes security procedures to ensure a safe Guest and Member experience while investigating theft and managing instances of undesirable …
    • 12 days ago

  • Security Officer / Loss Prevention Officer

    Marriott

    • Doha, Qatar
    Job Number 24070189 Job Category Loss Prevention & Security Location The Westin Doha Hotel & Spa, Salwa Road, Doha, Qatar, Qatar Schedule Full-Time Located Remotely? N Relocat…
    • 14 days ago