Head of Cyber Security

Background
Group Technology department drives technology innovation, coordination and expert support for the OpCos. The main role is to work closely with the business (i.e., Commercial, Sourcing, Finance, etc.) to provide efficient and timely solutions to business requirements.

Information are the assets that Ooredoo group and its operating companies depend on for running the business, they are one of the critical enablers of business success. As an organization OG has a responsibility to assure the safe storage and retrieval of this information and its protection. To do this a unit has been established who will be responsible for the development and implementation of cyber-Security strategies and plans across the group.

This role supports the Ooredoo Group and its operating companies through formulating cyber security strategies, plans and promoting the information security culture in Ooredoo Group and its Operating Companies.

**Purpose**:
The Primary mission of this profile is to “valuate and protect Ooredoo Information Assets to ensure confidence in the company and drive growth”, by developing Information Assurance strategy at the Group level and promote a clear and effective information risk management culture.

Enable Ooredoo Group and OPCOs to develop appropriate cyber-Security and Assurance capabilities to develop and execute information risk mitigation and contingency plans

Role Profile
- Establish and lead information/cyber-Security activities and processes to enhance the value of the Ooredoo Group.
- Identify protection goals, objectives, and metrics consistent with corporate strategic plans.
- Work with other executives in the group to prioritize information/cyber-Security/Assurance and initiatives based on methodologies, program plans, risk management and spending.
- Oversee the development of Group-wide information/cyber-security policies, standards, guidelines, and procedures ensuring ongoing maintenance of cyber-security, including asset protection, technical architecture, network security, access controls, controls and monitoring, employee education and incident management.
- Work with external consultants, as appropriate, for independent cyber-security assessment, audit and technical infrastructure compliance tests.
- Plan and execute periodic information/cyber-security assessment across Ooredoo Group and its operating companies and report the findings, gaps and recommendations to Ooredoo Group executive management.
- Serve as an expert advisor to Ooredoo Group Executive Management and executives of operating companies on matters pertaining to information assurance, information/cyber-security, and privacy.
- Follow and monitor information/cyber-security risk trends, both internal and external and keep Ooredoo Group informed about security related issues affecting Ooredoo Group and its operating companies.
- Guide and assist information/cyber-security directors in Ooredoo Group, its operating companies and vendors who safeguard the company's information assets, intellectual property, and Information Systems.
- Lead Ooredoo Group and/or assist Ooredoo Operating Companies as necessary to investigate security breaches and pursue associated disciplinary and legal matters.
- Develop, manage, and maintain information/cyber-security risk register and alerts for the Ooredoo Group and provide periodic reports.
- Develop and maintain a good professional relationship with the local authorities to assist in enforcing laws and investigate breaches.
- Coordinate with Internal and External Audit teams to plan and execute audits and compliance procedures.
- Work with Legal Counsel in defining and appropriately stating policies, standards in compliance with the local laws and regulations.

Experience**
Minimum Experience & Essential Knowledge**
- Have at least 14 years’ experience in the field of information technology, particularly in a field related to telecommunication services, with at least 5 years of progressive experience in information\cyber-security.
- Strong understanding of technology and industry trends, security best practices, and management of technology innovation operations.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, NIST, SAN ect.
- Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
- Proficiency in both Telecommunication and IT security.
- Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development
- Must be an intelligent, articulate, and persuasive person who can serve as an effecti