IT Security Governance Consultant

Tandem Search

Doha, Qatar

Ref: KP709-1836

Job description / Role

Employment: Full Time

This is a consultant role within the Information Security Governance project, which aims to carry out a comprehensive assessment of where the company currently stands on Information Security Governance for both the office and plant domains. The scope of work is comprehensive. It includes assessment, identifying gaps, and building the road map forward to manage and sustain Information Security Governance requirements. It also includes development of the framework, policies, procedures, controls, awareness and compliance with security standards. The aim is to work towards accreditation to ISO 27001 and related standards.

In general, the role will expect the consultant to:
- Fully participate with the project team in the development of a comprehensive security framework that covers the design, application and operation of physical, procedural and technical security controls (the key controls defined in ISO 27001).
- Conducts security risk assessments for business applications and computer installations
- Provide authoritative advice and guidance on security strategies to manage the identified risk
- Develop policies and procedures for information security governance, and recommends appropriate control improvements.
- Interpret security policy and contributes to development of standards and guidelines that comply with this.
- Performs risk assessment, business impact analysis and accreditation for all major information systems within the organization.
- Develop policies and procedures for information asset classification
- Contribute to building a security awareness program, Information Security
- Conducts security control reviews in well-defined areas.
- Assesses security of information and infrastructure components.
- Investigates and assesses risks of network attacks and recommends remedial action.
- Conducts business risk and vulnerability assessments and business impact analysis for well-defined business applications or IT installations.
- Contributes to the development of information security policies and standards.
- Assesses configurations and security procedures for adherence to legal and regulatory requirements.
- Reviews network usage, assesses the implications of any unacceptable usage and breaches of privileges or corporate policy, recommends appropriate action.
- Develops policies and procedures and guidance on the application and operation of security controls and communicates information assurance issues effectively to users of systems and networks.
- Develops policies and procedures to supervise and/or administer the operation of appropriate security controls (such as physical or logical access controls), as a production service to business system users.
- Develops policies and procedures to investigate suspected attacks and manage security incidents.
- Develops policies and procedures to identify threats to the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
- Conducts risk and vulnerability assessments of business applications and computer installations in the light of these threats and recommends appropriate action to management.
- Provides authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law.
- Contributes to development of standards and guidelines.
- Participate fully in the work of small teams of security staff on a complex IT security governance project.
- Delivers and contributes to the design and development of specialist IT security education and training to IT and system user management and staff.

Security Administration
- Drafts and maintains policy, standards, procedures and documentation for security administration, taking account of current best practice, legislation and regulation.
- Ensures that all identified breaches in security are promptly and thoroughly investigated. Interviews offenders in conjunction with the relevant line manager or on own authority if the breach warrants it.
- In consultation with senior security personnel, devises and documents new or revised procedures relating to security control of all IT environments, systems, products or services (including physical security) in order to demonstrate continual improvement in control.
- Ensures that any system changes required to maintain security are implemented.
- Develops policy and procedures to monitor the application of and compliance with security operations procedures, and to report on non-compliance.
- Develops policy and procedures to report any significant breaches in security to senior management, including interview procedures for offenders, as well as procedures for forensic evidence gathering, disciplinary measures, and criminal investigations.
- Devises new or revised procedures relating to security control of all IT environments, systems, products or services in order to demonstrate continual improvement in control, including creation of auditable records, user documentation and security awareness literature.
- Contributes to the provision of training, guidance and support to other security administrators and their agents within the employing organization, in all aspects of security policy and control.

Technical Advice
- Capable of providing specific technical advice in the area of Information Security Governance.

Requirements

1. Bachelor's degree in Computer Science, Information Technology, Information Systems or other relevant degree
2. Minimum of 9 years IT experience, ideally within the oil and gas industry
3. Attain and maintain competence in accordance with the IT competency and development framework
4. Fluent in English language (demonstrated verbal & written skills) with well-developed interpersonal and presentation skills and the ability to communicate to all levels.
5. Conversant with relevant IT national and international standards and has a deep understanding of own specialism(s)
6. Practical experience in project management, IT Risk and Security.

Technical Knowledge and Skills:
- Application Development Methods, Techniques and Standards
- Infrastructure Architecture
- National and International Standards
- Networking and Communications
- Operating Systems
- Programming Languages
- Corporate, Industry and Professional Standards
- Telecommunications Protocols
- Operational/Service Architecture
- IT Audit
- Access Control Systems
- Business Continuity Planning
- Legislation
- Project Management
- Quality Management
- Risk Management
- Standards Writing Techniques
- Network Data Gathering Techniques

About the Company

Building businesses, changing lives

At Tandem, we’ve built a vast network of top-tier professionals across the globe. We empower businesses to thrive by delivering unmatched talent solutions. With our global reach, collaborative approach, and unwavering commitment to excellence, we drive transformative growth and shape exceptional teams.

Who we are.

We are a team of industry experts, driven by a passion for innovation and excellence. We are dedicated to providing unique talent solutions and nurturing collaborative partnerships that redefine success.
