Information Security Officer

Location

Doha, Qatar

Experience

Job Type

Recruitment

Job Description

Information Security

Information Security Responsibilities

• Primary responsible for planning, coordinating, and organizing Information Security activities.
• Enforce and monitor the implementation and compliance with IT Information Security Policy.
• Develop and manage the implementation of Information Security Policies and Procedures.
• Ensure Risk Assessments are conducted on all information systems such as people, process, technology, and information processing facilities.
• Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.
• Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.
• Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.
• Supervise other related assurance functions, as necessary.
• Ensure the compliance of Information Security Policies in the organization.
• Develop and ensure implementation of Information Security procedures.
• Develop and ensure implementation of incident handling and reporting.
• Follow-up, escalate, and report the resolution of Information Security issues identified during security assessments, penetration tests, and audits.
• Develop, implement, and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/IT Service Contingency Plan.
• Conduct and coordinate Information Security awareness and orientation programs.
• Responsible for conducting Committee meetings.

Security Incident Management

• Incident Management:
  
  Establish a formal procedure for internally reporting and tracking security incidents. Ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents.
• Incident Handling:
  
  Participate and/or oversee the investigation and management of information security events and policy violations and track them to conclusion.
• Incident Notification and Reporting:
  
  Follow policy for the notification and reporting of incidents immediately upon discovery.
• Corrective/Preventive Actions:
  
  Develop and document corrective action plans and implement preventive actions to mitigate recurrence.

Problem Management

• Analyze a security incident to detect an underlying problem that exists or is likely to exist.
• Categorize and prioritize the problem based on the frequency, severity, and impact of the incident.
• Investigate and diagnose the root cause of the problem.
• Test and apply temporary workarounds.
• Document the known error record.

Risk Management

• Risk Management Program:
  
  Create a formal process to address risk through the coordination and control of activities regarding each risk.
• Risk Assessment:
  
  Conduct formal vulnerability assessments of the environment on a regular basis.
• Risk Mitigation:
  
  Create a formal process to mitigate vulnerabilities and more.

Qualifications

Experience

• 8+ years in IT work experience
• 5+ years in a similar role

Education

• Bachelor of Engineering
• Or Bachelor of IT
• Or Bachelor of Computer Science

Certifications

• CRISC – Certified in Risk and Information Systems Control
• Or ISO/IEC 27001 Lead Implementer or Lead Auditor
• Or CISSP – Certified Information Systems Security Professional

Required Skillset

• Expertise in implementation of security frameworks such as NIST, ISO/IEC 27001, and other local regulations and frameworks.
• Expertise in compliance requirements like GDPR, HIPAA, PCI DSS, SOX, and other relevant laws and regulations.
• Expertise in conducting risk assessments, identifying security risks, evaluating impact, and implementing mitigation strategies.
• Expertise in developing policies, procedures, and processes.
• Expertise in creating and managing security awareness and training programs to educate employees on cybersecurity threats and best practices.