Sr. Cyber Security Governance Specialist

Requisition Id:  880
Location: Doha, QA

Contract Type:  Indefinite Contract
Function:  Strategy

Job Purpose:
Responsible for the development and administration of Cyber Security Governance, Risk, and Compliance (GRC). Develops reporting metrics, dashboards, and evidence artifacts. Primary responsibility for defining, creating, and monitoring of QAFCO Cyber security policies and procedures in support of regulatory, strategy and policy compliance as well as establishing and managing IT and OT cyber security risk frameworks and Management Systems.
Key Accountabilities:

  • Monitor and review IT and OT security practices and processes, including changes to systems, methods, procedures, and processes, with a focus on improving current business practices and processes to minimize cyber security risk.
  • Coordinate the design, implementation, operation, and maintenance of the information/cyber security management system, in coordination with the IT department and relevant business units, based on the ISO/IEC 27000 family of standards, including obtaining ISO/IEC 27001 certification where applicable.
  • Design and operate monitoring and improvement activities to ensure compliance both with internal security policies and procedures and with applicable laws and regulations.
  • Coordinate the establishment of a cyber security management system, based on standards such as IEC 62443, for QAFCO's Operational Technology (OT)/Industrial Control Systems (ICS), in coordination with the Maintenance department.
  • Maintain a list of incompatible duties (segregation of duties, or SoD) related to IT and OT systems and applications, and manage the risk associated with SoD conflicts.
  • Draft reports to the IT Steering Committee on cyber security risks and the status of the Information Security Management System (ISMS).
  • Implement and continuously improve the information classification process.
  • Deliver the projects delegated by the Head of Cyber Security; plan, prepare, and execute GRC projects.
  • Oversee the implementation and execution of IT and OT cyber security strategic initiatives, and provide executive reports to the Head of Cyber Security on demand.
  • Support the development and implementation of IT and OT cyber security risk management frameworks.
  • Validate the identified IT and OT cyber security risks and risk registers in a timely manner.
  • Support the continuous improvement of IT and OT cyber security risk management programs, processes, and practices.
  • Monitor and report to the Head of Cyber Security on the progress of remediation actions identified during security and vulnerability assessments and penetration testing.
  • Assure that cyber security processes and practices are in line with internal and external requirements. Responsible for internal and external audit compliance and for remediation of findings in a timely manner.
  • Participate in the compliance management framework, liaising with relevant internal functions and external regulatory authorities.
  • Research and propose how to adopt the latest cyber security standards.
  • Develop, implement, and operate a comprehensive cyber security awareness program to meet maturity level objectives aligned with the cyber security strategy.
  • Design awareness metrics and KPIs and report against them on a regular basis.

Desired Candidate Profile:

  • Bachelor's degree in a relevant discipline.
  • Minimum of 10 years of direct and relevant experience.
  • In-depth knowledge of risk and security frameworks, standards, and best practices (e.g. ITIL, COBIT, ISO/IEC 2700x, IEC 62443).
  • Credentials: Certified Information Systems Auditor (CISA), CISSP, Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC).