Specialist - Cybersecurity (Risk and Compliance)

**Communication**

**Internal Communication**:

- Senior Manager - Cybersecurity
- IT Department
- Corporate and Business Units

**Purpose**:

- To advise Senior Manager - on cybersecurity matters including risk, compliance and user awareness;
- To coordinate and ensure optimum protection of information assets within the company;
- To communicate and follow up on any cybersecurity issues, initiatives and/or projects.

**External Communication**:

- IT Services Vendors and Providers
- Auditors, and Regulators (MOI, MOTC, SCDL and ISO auditors).

**Purpose**:

- To coordinate with technology providers and propose most efficient solutions that serves Milaha requirement;
- To execute compliance assessment on 3rd party or risk assessment on solutions or projects;
- To effectively engage with regulatory functions in order to comply with the law requirements.

**Occupational Health & Safety and Environment**

**Accountability**:
Are accountable for their acts and omissions.

**Responsibility**:
To follow agreed safe systems of work; to follow training and instructions; and to report accidents, incidents and near misses.

**Authority**:
To stop work if they think the work is unsafe.

**Education & Professional Qualification**:
Bachelor's degree in Computer Science, IT, Systems Engineering or equivalent.

**Professional Experience**:

- 6-8 years of experience and expertise, capabilities and accomplishments directly relevant to the position, preferably in shipping, logistics, or energy industries;
- Minimum 3 years of work experience in cybersecurity, risk, controls, audit and regulatory compliance;
- Proven knowledge of cyber security risk, controls, compliance and IT audit assurance and advisory practices;
- Advanced expertise across security domains: e.g. Architecture and Engineering, Application Security, Web and Mobile Security, Infrastructure Security, Access Management, Threat and Vulnerability Management, Security Monitoring, Incident Response, and Cloud Security.

**Geographic Experience**:
Middle East experience is an advantage

**Computer Skills**:

- Advanced Microsoft Office product expertise;
- Advanced level presentation skills including to Management and Executive audience.

**Language Skills**:

- Business fluent English, Arabic a plus;
- Ability to simplify technical information into easily understood documents.

**Market/Industry/Functional Knowledge**:

- Strong knowledge of IT, risk and security practices, standards and controls (e.g. NIA, ISO 27001, COBIT, NIST-CSF);
- Good knowledge of regulatory requirements (i.e. GDPR, Cybercrime Prevention Law);
- Ability to plan, deliver and report results of cybersecurity risk, control, and compliance engagements;
- Ability to conduct training and user awareness campaign;
- Must manage ambiguity, resolve urgent and competing demands, and go above-&-beyond to deliver outcomes;
- Strong attention to detail with an analytical mind and outstanding problem-solving skills.

**Key Roles & Responsibilities**
- Drive effective management of Milaha cybersecurity risk and compliance with company Cybersecurity policies & procedures, standards and applicable regulatory requirements. This includes ISO 27001, Qatar National Information Assurance (NIA), MOI directive, Supreme Committee's cybersecurity framework, Qatar personal information protection law, cybercrime prevention law, and other industry standards & best practices;
- Identify where and how Milaha uses data; determine tools and technologies that should be deployed; ensure that preventive/ detective/ corrective controls are in place and functioning effectively; stay current with standards, government regulations and commercial agreements governing the use of data;
- Collaborate closely with leaders in each business unit to ensure customer data is safeguarded and used ethically and responsibly;
- Maintain awareness of standard and regulatory changes; review Milaha policies, and recommend revisions to remain compliant;
- Manage internal/external audit and penetration testing programs, reporting risks and compliance areas that need correction to the senior management team and prioritizing compliance work;
- Support growth (system development or acquisition) while protecting company information asset by delivering cybersecurity compliance assessment on new solutions; and providing information risk and controls assessment during implementation;
- Manage compliance certification audit for NIA, ISO 27001, and other information security standards;
- Reviewing and responding to security questionnaires and contract questions from customers on Milaha's information security policies and practices;
- Manage cybersecurity compliance program for 3rd party including IT implementor, IT solution provider, software principle and cloud service provider;
- Organize and lead Privacy/Compliance training programs across departments, in order to educate and inform employees about Milaha practices and standards, raise the level of coope