- Establish and maintain a QM-wide Security Architecture and Information Security Management System, and an IT Governance, Risk and Compliance Framework, in line with industry best practices, frameworks and regulatory requirements such as MICT: Qatar’s National Information Assurance Policy (NIAP), COBIT and ISO/IEC 27001:2013.
- Collaborate with other departments such as Internal Audit, Legal, Admin, Finance and HC to address compliance issues and their resolution.
- Provide leadership in the definition and execution of an Information Security and Compliance roadmap, including alignment with the defined Information Security Strategy and the business strategy, gaining executive approval and support, and overseeing successful execution.
- Ensure Information Security compliance and practices are considered in projects, initiatives and new implementations.
- Own the Information Security policies and SOPs; ensure they meet business requirements and are in compliance with regulatory requirements.
- Be responsible for security event monitoring and incident management across QMA.
- Drive Risk Assessments, Risk Identification, Treatment, Mitigation, Reporting, Residual Risk Acceptance and recommendation for corrective action.
- Drive regular internal audits of security and compliance controls. Represent the company in external Security and Compliance audits, track and close related action items.
- Drive vendor and technology security assessments.
- Drive Vulnerability Assessment and Penetration Testing (VAPT) for critical services.
- Develop and deliver regular Information Security awareness and Compliance training to all QM employees.
- Bachelor’s degree in Information Technology / Computer Science / Computer Engineering
- Possess training / certification in one or more of the following: NIAP Implementation / Auditing, ISO/IEC 27001:2013, ITIL, COBIT, CISM and CISSP.
- 10+ years of experience as an Information Security leader and engineer.
- Solid knowledge of Information Security standards and frameworks such as the NIAP Framework and ISO 27001; hands-on experience in implementing such frameworks.
- Considerable implementation or management experience with commonly accepted industry standards and/or best practices, including “Qatar’s MOTC: NIAP”, COBIT, ISO 27000 and ITIL.