Job Description
The Information Security Officer (ISO) plays an integral role in defining and assessing the organization’s security strategy, architecture and practices. The ISO will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The ISO must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The ISO is involved during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. The ISO will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
Scope of Activities
• Determine and maintain an inventory of all regulatory, commercial, and organizational technology compliance requirements.
• Facilitate the creation and modification of all technology compliance policies.
• Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial, and organizational, inherent and residual IT compliance risks.
• Identify the associated IT compliance control gaps and carry out the documentation, implementation, and testing of the entire IT compliance control portfolio.
• Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
• Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT/business unit management, senior management, legal management, regulators, internal/external auditors, etc.
• Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
• Assist with the management of the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
• Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
• Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements and certifies their adherence to the relevant IT compliance controls.
Skills
Education, Training and Certification
• Undergraduate degree in the field of law, computer science or business administration; graduate degree in one of these fields preferred.
• Industry-related legal, compliance, information security or business continuity management certification is preferred.

Business Knowledge and Technical Experience
• 7 years’ experience working in an Information Security role.
• 5 years’ experience managing compliance assessments within a corporate setting.
• Proven experience developing and submitting IT audit and compliance reports to governing bodies, legal entities and/or external authorities.
• Experience in planning, organizing and developing information technology policies, procedures and practices.
• Direct experience and knowledge of national, state, provincial and local information technology laws and regulations, including Qatar NIA, Qatar NICS, Qatar Cybersecurity Framework, GDPR.
• Strong communication skills (written and oral), particularly with government/legal agencies and external/internal auditors.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Excellent knowledge of technology environments, including information security, encryption methods and privacy-based solutions.
• General knowledge of business theory, business processes, management, budgeting and business office operations.
• Demonstrated understanding of data processing, hardware platforms, enterprise software applications and outsourced systems.
• Understanding of computer systems and integration capabilities.
• Solid understanding of project management principles.
• Ability to translate understanding of the organization’s goals and objectives into compliance requirements.
Skills and Personal Attributes
• Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and regulators.
• Proven leadership ability.
• Ability to set and manage priorities judiciously.
• Ability to present ideas in business-friendly and user-friendly language.
• Exceptionally self-motivated, directed and detail-oriented.
• Superior analytical, evaluative and problem-solving abilities.
• Ability to motivate in a team-oriented, collaborative environment.
Job Details
Job Location: Doha, Qatar
Company Industry: Information Technology Services
Company Type: Employer (Private Sector)
Employment Type: Unspecified
Monthly Salary: $5,000 - $6,000
Number of Vacancies: 1
Preferred Candidate
Career Level: Mid Career
Years of Experience: Min: 7
Residence Location: Qatar
Gender: Male
Degree: Bachelor's degree / higher diploma
https://www.bayt.com/ar/qatar/jobs/information-security-officer-4496632/