Senior Manager – Corporate Information Security

Ooredoo
Qatar

Ref: GP880-254
Ooredoo

The Role


The Role


This role is responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. It involves directing staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and technology risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. As well as ensuring compliance.  It also involves establishing controls procedures for Business Continuity and Disaster Recovery Management ensuring service continuity.

Context
The role focuses on the strategic areas securing information, technology and service availability through effective planning and management.

Overview

* Define strategic security framework and roadmap for the organisation.
* Manage formulation of policies and procedures to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction, Ensuring that the organisation maintains security best practices to comply with standards such as BS7799, ISO 17799 and ISO 27001.
* Work with corporate risk team for evaluating and managing corporate risk and incorporating it as part of the overall Security and Business Continuity/ Disaster Recovery plans and strategy
* Information risk management, identification, assessment, and prioritization of risks (defined in ISO 31000) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate event
* Managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
* Application of the concepts of information management and corporate risk to the practices and technologies of physical security in order to have a complete security framework.
* Managing convergence of technical and physical security controls and solutions.
* Manage department budget and expenses in line with corporate spending
* Represent Qtel at security forums, working groups and committees.
* Corporate regulatory compliance, ensuring the personnel within the corporate are aware of and take steps to comply with relevant laws and regulations, as well as the policies and procedures ensuring the corporate is aligned to appropriate ICT regulatory laws.
* Managing governance and enforcement of Information technology controls related to the confidentiality, integrity, and availability of data.  Taking into consideration IT general controls ITGC and IT application controls in line with control frameworks such as COBIT and SOX where applicable.
* Development of Information privacy framework, covering the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them
* Development and commissioning of Computer Emergency Response Team / Computer Security Incident Response Team to help with security incidents related to the corporate or Qtel as a service provider in close co-ordination with QCERT for national incidents.
* Ensuring deployment and enforcement of procedural and technical controls for Identity and access management to corporate resources having data.
* Work with teams to ensure appropriate security architecture and solutions are deployed covering network, physical, application or system security.  Working with other BU's to bring the necessary tools and solutions in place to help with compliance and effective security monitoring.
* Develop and conduct user awareness to internal users and subscribers.
* Development of teams, units and procedures to carry our security investigations and digital systems and network forensics.
* Establishing Business Continuity/Disaster Recovery planning policies and guidelines, and monitoring implementation compliance against defined policies.
* Establishing corporate resilience policies and guidelines including excess capacity, redundancies, and failovers
* Establishment of a Security Operations Center a place where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed and defended.  Teams will monitor information systems for alarms and conditions to prevent, detect and manage cyber-attacks and other IT security incidents.
* Develop approaches to generate revenue through security with business solutions and customer BU's.
* Work with other BU's in providing security technologies/services to subscribers and external customers in order to generate a new revenue stream for Qtel.
* Work with internal audit teams and external consultants as appropriate for audits related to security management or Business Continuity/ Disaster Recovery management.
* Ensure timely monitoring and management of KPIs in order to meet defined targets for the organisation, and manage timely reporting of KPIs to executive management.
* Contribute to the Corporate strategic map and initiatives.
* Communicate periodic status reports to higher management and escalate potential issues as appropriate.
* Analyze current department processes and propose enhancements for further improvement.
* Keep a pulse on market trends and developments, future prospects and internal issues to make informed decisions. 

Managing policies and governance of physical security asset protection; personnel security; systems and products

Costs and Profitability

* Meet Qtel productivity and quality goals.
* Ensure data security
* Optimize resources and identify cost saving.
* Ensure business continuity as well as robust recovery mechanisms to minimize revenue loss.

Business orientation

* Prepare policies and procedural recommendations, guidelines, and progress reports for issues related to security compliance.
* Support business delivery by applying best practice business continuity, resilience and security planning.

Planning and Organising

* Develop plans and procedures to implement activities to improve quality and efficiency security for the organisation.
* Monitor department Qtel in line with Corporate score card.
* Direct staff in the development, analysis, and preparation of reports.

Problem Solving

* Make sure all issues are reported timely and accurately.
* Implement a problem resolution strategy and plan resource allocation aiming to minimize problem resolution time.
* Ensure all issues are solved within permitted timeframe.
* Assume full disaster recovery responsibility to recover corporate security services in an effective and efficient manner.

Communicating, negotiating and influencing

* Establish and manage multiple cross-functional relationships, coordination and communication lines with operating units & corporate centres.
* Provide leadership, direction, planning and unity of purpose to staff in the department.
* Regularly communicate organizational decisions and policies and BU strategy with staff.

Requirements


Requirements


Minimum Experience and Essential Knowledge

* 12 years experience in telecoms engineering with significant skills in telecom networks and IT security, and Business Continuity/ Disaster Recovery management
* 6 years management experience
* Thorough understanding of network and IT security and Business Continuity/ Disaster Recovery standards and procedures in telecom
* Excellent interpersonal, communication, negotiation and leadership skills
* Innovative and creative thinker
* Fluent in spoken and written English

Minimum Entry Qualifications

* Bachelors Degree in telecoms engineering, or Information Technology, or equivalent
* 12 years in telecom networks and IT security or Business Continuity/ Disaster Recovery management
* 6 years management experience

* Timely reporting on security, network resilience and Business Continuity/ Disaster Recovery compliance
* Internal customer (BUs) satisfaction
* Employee awareness of security procedures

Employee awareness of Business Continuity/ Disaster Recovery procedures

About the Company


About the Company


Ooredoo, formerly known as Qatar Telecom (Qtel), is a leading international communications company delivering mobile, fixed, broadband internet and corporate managed services tailored to the needs of consumers and businesses across markets in the Middle East, North Africa and South-East Asia. As a community-focused company, Ooredoo is guided by its vision of enriching people’s lives and its belief that it can stimulate human growth by leveraging communications to help people achieve their full potential. Ooredoo has a presence in Qatar, Kuwait, Oman, Algeria, Tunisia, Iraq, Palestine, the Maldives and Indonesia. Ooredoo’s shares are listed on the Qatar Exchange and the Abu Dhabi Securities Exchange.
This Position is closed or expired