الوصف الوظيفي
Job purpose: The Specialist-Information Security responsibilities covers Information Security Management System (ISMS) and Identity and Access Control.
The Specialist-Information Security develops and supervises the implementation of Information Security organizational and IT departmental policies and procedures for a secure and compliant management of Information Assets. As part of the ISMS, the incumbent develops an Information Risk Management Program that involves identification, assessment, and continuous Security audits on the different information Assets. Also, in charge of developing the organization’s Information Security Awareness and Training Program covering new joiners and existing staff and contractors.
The Specialist-Information Security defines and support the implementation of the different departments’ access matrices.
Main tasks and responsibilities (the position exist to perform the below tasks and essential activities)
Develops security policies, procedures, standards and guidelines; reviews existing security policies, standards, guidelines, and procedures to meet the security standards and frameworks. Conducts security audit and assess effectiveness of policy and procedures.
Review and support the development of systems Access Matrices.
Leads the implementation, operation and maintenance of an ISO2700x compliant Information Security Management System or equivalent.
Documents communicate organizational and departmental policies, standards, procedures and guidelines.
Develop the Information Asset Management procedures and, in coordination with the different IT, clinical and support departments, performs asset discovery and provide guidance to complete the information assets and classification register.
Develops the IT Risk Management Strategy, Methodology, and Risk register.
Performs Information Security Risk assessments and assess the control environment of the clinical /support processes and applications under review, including both manual and automated processes.
Monitors, manages and improves the effectiveness of the different types of information security controls (technical, process or physical controls).
Assists both internal and external audits relating to information security as well as performing independent audits to validate completeness and accuracy of the information security program.
Documents and maintains all records and evidences on implementing a successful information security management system based on security standards and frameworks adopted by Elegancia Healthcare.
Analyses and documents the existing user access and privileges provisioning/De-provisioning process, conducts process-reengineering to address security gaps.
In coordination with Clinical and support departments, supervises the development of departmental and application access matrices and validate before implementation.
Implement the automated access management review and validation process for user provisioning.
Manages the implementation of Identity management control solutions for an efficient and cost-effective management of users’ accounts.
Manages the implementation of Access Control.
Assess and validate the controls and identity management architecture of all acquired applications and ensures compliance with Elegancia Healthcare policies before roll out for production use.
Monitors & reviews user access rights and privileges and generate reporting to the management on periodic basis, as per the Information Security policies requirements.
Adheres to Elegancia Healthcare standards as they appear in the Code of Conduct and Conflict of Interest policies
المهارات
Education requirements
Graduate degree in IT (Essential)
Language requirements
English – Fluent (Required) | Arabic – Fluent (Preferred)
Experience
Knowledge and Skills
Minimum 8 years of experience in healthcare applications; four of which as FTE in an operating impatient facility (required)
Core Competencies
Strives for Innovation - Developing
Agility - Developing
Promotes Teamwork - Developing
Shows Entrepreneurial Spirit - Developing
Demonstrates Resilience - Developing
Cultivates Loyalty & Integrity - Developing
Demonstrates Accountability - Developing
10+ years of experience working with Information Security and/or Cyber Security including 3+ years in healthcare industry.
Experience in implementing Information Security Management System
Experience in implementing and operating a GRC framework and/or practice.
Experience in identity management, access control, and single-sign-on.
Experienced with (or equivalent) the following regulations and frameworks: PCI, HIPAA, and ISO/IEC 2700x.
CISSP, CISA, CISM, or other equivalent security certification
Demonstrated ability in managing suppliers in outsourcing contracts
Managerial experience, particularly with large complex projects
Proven people management skills. Excellent communication skills.
تفاصيل الوظيفة
منطقة الوظيفة قطر
قطاع الشركة البناء والتشييد
طبيعة عمل الشركة غير محدد
نوع التوظيف دوام كامل
الراتب الشهري غير محدد
عدد الوظائف الشاغرة 1
المرشح المفضل
عدد سنوات الخبرة الحد الأدنى: 8
الشهادة بكالوريوس/ دبلوم عالي
https://www.bayt.com/ar/qatar/jobs/specialist-information-security-4661751/