Responsible for coordinating the IT cyber security roadmap aligned to security strategy and business stakeholder priorities. Actively manage the IT cyber security architecture. Assure compliance with QAFCO’s internal regulations and external requirements. Identify IT cyber security initiatives, compile them into programs and oversee the execution of long- and short-term IT cyber security objectives.
DESIRED CANDIDATE PROFILE
- Establish, maintain and execute QAFCO IT cyber security strategy.
- Establish QAFCO IT cyber-security standards to be incorporated into all existing and new QAFCO IT related systems.
- Ensure compliance by all functions in QAFCO with QAFCO IT cyber-security measures. Implement, monitor and continuously improve cyber security governance and assurance framework.
- Responsible for establishing and maintaining third party management, risk management, incident management and security monitoring processes and practices. Cooperate with and support other stakeholders of these areas, such as IT, Automation, line management, etc.
- Establish, monitor, review and update cyber security controls across the IT organization in line with Qatari Law and other applicable regulatory requirements. Responsible for the selection of IT cyber security controls for communication, network, information exchange, gateway, product, software, system usage, media, access control, cryptography, portable devices, and virtualization. Cooperate with and support other stakeholders of these areas, such as IT Governance, IT Infrastructure, IT Business Solutions, line management, security (HSEQ) etc.
- Establish, review and maintain cyber-security benchmarks and standards for QAFCO IT systems.
- Participate in the IT security incident response process and draft lessons-learned reports.
- Provide technical security advice related to system development, acquisition, implementation, modification, operation, support, and architecture.
- Manage and execute QAFCO IT cyber-security projects and other projects assigned by the Cyber Security Manager.
- Plan, prepare and execute projects.
- Provide quality assurance on the project, assure that the change the project brings into the IT landscape is beneficial for the company and in line with IT cyber security directives.
- Develop and support the implementation of IT cyber security standards, controls, and procedures, including but not limited to cloud security and cryptography.
- Develop IT cyber security benchmarks.
- Develop IT cyber security requirements for the IT infrastructure, network, operation, and end user devices.
- Identify, support, and assess key security controls for applications.
- Provide technical cyber security guidance and advice for IT teams.
- Participate in the IT change management process.
- Identify and analyse IT cyber security risks and assess vulnerabilities.
- Implement, manage, and continuously improve IT cyber security risk program, processes and practices.
- Develop mitigating actions/risk treatment plans and manage the execution of those actions.
- Manage and update risk registers on a quarterly basis.
- Support technical assurance and penetration testing activities, review vulnerabilities and prioritize their remediation, and monitor and report on vulnerability metrics and KPIs.
- Ensure that IT operational processes and practices are in line with IT cyber security internal and external requirements.
- Participate in the coordination of internal and external cyber security audit and compliance, and remediation of possible findings in a timely manner.
- Bachelor’s Degree in relevant discipline from a recognized University.
- Minimum of 8 years direct and relevant experience.
- In-depth knowledge of risk and security frameworks, standards and best practices (e.g., NIST, COBIT, ISO2700x).
- Credentials: certified information security auditor (CISA), certified information security manager (CISM), certified in risk and information system control (CRISC), certified information systems and security professional (CISSP) will be an advantage.