Role Purpose: To establish and maintain an Information Security Management System (ISMS) and an IT Governance, Risk and Compliance framework in line with industry best practices, frameworks and regulatory requirements. Identify potential risks and evaluate existing controls to ensure that the information security strategy is aligned with organizational goals and objectives, that information security risk is managed appropriately, that critical and sensitive information assets are secured, that information security breaches are avoided, and that Qatar Museums (QM) complies with the legal, statutory, regulatory and contractual obligations related to its information security requirements.
Roles & Responsibilities:
• Establish and maintain the Information Security Management System and the IT Governance, Risk and Compliance framework in line with industry best practices, frameworks and regulatory requirements such as the MICT Qatar National Information Assurance Policy (NIAP), COBIT and ISO/IEC 27001:2013.
• Develop and maintain information security policies, procedures and the implementation plan.
• Ensure that information security policies, procedures and the implementation plan are implemented within ITD and the other BU/SU.
• Develop and implement incident management and change management processes.
• Handle information security incidents, take corrective and preventive actions, and submit root cause analysis reports.
• Develop the IT risk management framework.
• Perform risk assessments: risk identification, treatment, mitigation, reporting, residual risk acceptance and recommendation of corrective actions.
• Ensure that information security compliance and practices are considered in projects, initiatives and new implementations.
• Collaborate with other departments such as Internal Audit, Legal, Admin, Finance and HC to address compliance issues and their resolution.
• Coordinate IT audits (compliance with enterprise internal/external audits and regulatory requirements).
• Run formalized information security awareness programmes, such as awareness mailers, awareness banners and awareness sessions.
• Manage business continuity and IT disaster recovery (ITDR).
• Handle IT procurement, vendor management and project management.
• Perform technical evaluation of information technology products/applications for procurement.
• Maintain and manage Qatar Museums' information security technologies and controls.
• Conduct vulnerability assessment and penetration testing (VAPT) for critical services.
Requirements:
• Considerable implementation or management experience with commonly accepted industry standards and/or best practices, including Qatar's MICT NIAP, COBIT, the ISO/IEC 27000 series and ITIL.
• Bachelor's degree in Information Technology, Computer Science or Computer Engineering.
• Training or certification in one or more of the following: NIAP implementation/auditing, ISO/IEC 27001:2013, ITIL, COBIT, CISM, CRISC and CGEIT.
• 5-7 years of relevant work experience.