Job Description
The Information Security Officer (ISO) plays an integral role in defining and assessing the organization’s security strategy, architecture and practices. The ISO will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The ISO must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The ISO is involved during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. The ISO will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
Skills
• Determine and maintain an inventory of all regulatory, commercial, and organizational technology compliance requirements.
• Facilitate the creation and modification of all technology compliance policies.
• Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial, and organizational inherent and residual IT compliance risks.
• Identify the associated IT compliance control gaps and carry out the documentation, implementation, and testing of the entire IT compliance control portfolio.
• Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
• Implement and maintain an IT compliance issue management tracking and resolution process that addresses known issues according to severity and potential impact to the organization.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT and business unit management, senior management, legal management, regulators, and internal/external auditors.
• Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
• Assist with the management of the overall IT compliance-related budget/financial spend in accordance with the organization's IT compliance risk appetite.
• Assist business and IT managers with the acquisition of tools and expertise for IT compliance-related projects and initiatives.
• Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements and certifies their adherence to the relevant IT compliance controls.
Regulatory Compliance Activities
• Work with corporate legal and compliance representatives to identify all related IT compliance requirements (e.g., security, user access, privacy, data integrity) associated with the laws and regulations of all relevant jurisdictions.
• Ensure all related IT compliance policies are updated based on relevant regulatory changes or new laws.
• Follow the regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
• Conduct the necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
• Remediate IT compliance control deficiencies.
• Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information or a related security breach.
Commercial Compliance Activities
• Work with internal representatives to identify all commercial IT compliance requirements and industry standards related to the supply as well as the delivery of goods and services.
• Communicate IT compliance standards and requirements to relevant suppliers through means such as requests for proposal and contractual terms.
• Perform the necessary due diligence to determine third-party adherence to IT compliance requirements prior to establishing a business relationship.
• Monitor third-party adherence to IT compliance requirements and address all instances of noncompliance.
• Request proof of required industry-standard certifications or reports (e.g., ISO 27001, Service Organization Control reports, PCI DSS).
Organizational Compliance Activities
• Work with IT and business representatives to identify the goals and objectives of the organization and translate them into IT compliance requirements such as IT security and user access policies and controls.
• Manage and maintain the existing ISO 27001 certification and continuously improve it to include relevant controls required by the organization.
• Evaluate any related external frameworks or standards (e.g., Qatar NIA, Qatar NICS, ITIL, COBIT, National Institute of Standards and Technology [NIST]) or internal standards (e.g., code of conduct and use) to determine the relevant IT compliance requirements and controls.
• Identify any gaps between the desired level of compliance and the current level of maturity.
• Develop and implement the required IT compliance policies and controls to meet the desired level of compliance maturity reflected in a given standard or framework.
• Oversee the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to a given standard or framework.
• Identify and resolve any issue of noncompliance with a related standard or framework.
Strategic Support
• Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
• Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
Security Liaison
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Provide security communication, awareness and training for audiences ranging from senior leaders to field staff.
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Serve as an active and consistent participant in the information security governance process.
Job Details
Job Location: Doha, Qatar
Company Industry: IT Services
Company Type: Employer (Private Sector)
Employment Type: Unspecified
Monthly Salary: Unspecified
Number of Vacancies: Unspecified
Preferred Candidate
Career Level: Mid Career
Years of Experience: Minimum 3
Ateca Consulting
Doha, Qatar
https://www.bayt.com/ar/qatar/jobs/information-security-officer-4496834/