Senior Information Security Risk Analyst

**Company**
QatarEnergy is an integrated national oil corporation that stands at theforefront of efforts for the long term sustainable

development,utilization and monetization of oil and gas resources in the State ofQatar.In its efforts to become one of the

best national energy companies inthe world, QatarEnergy's activities and those of its subsidiaries andjoint ventures,

encompass the entire spectrum of the oil and gas valuechain locally, regionally, and internationally.They include the

exploration, refining and production, marketing, andsale of oil and gas, liquefied natural gas (LNG), natural gas

liquids(NGL), gas to liquids (GTL) products, refined products, petrochemicals,fertilizers, steel and aluminum. As an

integrated corporation,QatarEnergy's activities also include marketing and sale of oil and gasand other various

products.QatarEnergy's operations and activities are conducted at various onshorelocations, including Doha, Dukhan and

the Mesaieed and Ras LaffanIndustrial Cities; and at various offshore areas, such as offshore oilfields production stations,

drilling platforms, Halul oil export island,and the North Field, which is the largest single non-associated gasreservoir in the

world covering an area of 6,000 square kilometers. Theutilization of this field’s massive reserves has become a
primarynational goal to continue the development and prosperity of the country.QatarEnergy pays the utmost attention to

the health and safety of itsemployees, contractors, visitors and the local communities where itoperates. From drilling to

construction, operations to decommissioning,QatarEnergy's health, safety and environment policy forms an integralpart of

the corporation’s daily business and long term planning.QatarEnergy is committed to contribute to a better future by
meetingtoday’s economic needs, while safeguarding our environment and resourcesfor generations to come. Thriving on
innovation and excellence,QatarEnergy is bound to the highest levels of sustainable human, socio-economic, and

environmental development in Qatar and beyond.

**Department**
INFORMATION SECURITY

INFORMATION & COMMUNICATION TECHNOLOGY

**Primary purpose of job**
The Senior Information Security Risk Analyst is tasked with enhancing the information security posture of QatarEnergy in

both IT and OT environments by assessing and managing cyber and information security risks. He/She actively participates

in projects during all phases of implementation and operation, provides expert technical and procedural direction to identify

and manage cyber and information security risks, and monitors progress of activities to manage and report identified risks.

**Experience & Skills**:
- 10+ years of relevant professional experience
- Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas
- Knowledge of information security capabilities and requirements analysis
- Perform periodic risk management activities in IT and OT during the phases of project lifecycle, communicate risks and

mitigation actions to stakeholders, and support the business in defining cyber and information security requirements
- Identify critical information systems and supporting systems for business processes and projects
- Evaluate effectiveness of existing information security controls
- Propose cost effective information security controls for the remediation of risk
- Manage information security risk register, including the development of risks acceptance reports, and communicate risks

to the business as required
- Maintain security controls framework in compliance with state law, international standards and best practices
- Define and evaluate metrics for reporting information security control effectiveness
- Communicate the urgency and severity of complex risk scenarios in simple, effective language
- Excellent written and verbal business communication skills

**Education**:

- Bachelor degree in information security, computer science, or systems engineering.- Professional certifications related to Information security (e.g., ISO27001, ISO27005, CISSP, GICSP, CISA, GIAC, CEH,

etc.)