Senior Specialist IT Security

Tandem Search

Qatar

Ref: KP709-2110

Job description / Role

Employment: Full Time

One of the leading banks in Qatar with the group having one of the highest assets portfolios in the GCC requires a Senior Specialist IT Security.

The incumbent has the primary responsibility of protecting the bank’s critical information assets and implementing adequate and cost-effective controls to counter the risk of information loss, theft and unavailability. The person will evaluate, design, implement and operate security best practices across all departments and entities of the bank. The incumbent will also assume primary responsibility for:
- Securing and managing the security controls for critical banking and infrastructure applications and processes in the environment, including core banking, internet banking, email, remote access and network access
- Performing periodic risk assessments and technical vulnerability assessments
- Review and analyse security log monitoring reports
- Analyse security incidents, create incident response plans, create detailed incident reports, and recommend suitable corrective and preventive actions.
- Implement industry standards and best practices like ISO 27001, ISO 31000, PCI DSS, COBIT.
- Supporting external and internal audit efforts by providing accurate user account information

Shareholder & Financial:
- Minimize or eliminate business downtime and revenue loss due to security incidents and system unavailability
- Eliminate security incidents and bad publicity that can potentially tarnish the bank’s public image and thereby result in loss of customer confidence in using the bank’s services.
- Provide timely reports and updates on the effectiveness of the enterprise risk management program across the bank.
- Provide input to the Head of Information and Network Security

Customer (Internal & External):
- Build and maintain strong and effective relationship with all other related departments and units to achieve the Group’s goals/ objectives.
- Provide timely and accurate information to the external and internal auditors and the compliance function, as and when required.
- Coordinate with Head of IT Security Enforcement to ensure receipt of timely updates on new rules and regulations from the bank and other applicable regulators pertaining to IT Security and ensure timely compliance with the same.
- Coordinate with ITD and ITD vendors to ensure the effective and consistent implementation of information security policies and standards across IT systems and applications.
- Liaise with external consultants appointed from time to time to assess the adequacy and effectiveness of the Group’s information security controls.

Internal (Processes, Products, Regulatory):
- Create functional policies, procedures and baseline security standards to support the bank’s corporate security policies.
- Notify the Head of IT Security and Regulations of processes which will be impacted by security program initiatives
- Update the Head of IT Security and Regulations about the status of the Information Security Management System.
- Research and propose information security products and services to protect and enhance the Group’s network infrastructure.
- Work with the Head of IT Security and Regulations and Head of Information Security to evaluate, design and manage the implementation of new security products and solutions.
- Perform information security risk assessments and network, system and application vulnerability assessment
- Implement appropriate security controls and frameworks based on ISO 27001:2005, PCI DSS, ITIL, COBIT
- Periodically review and enhance current policies, procedures and standards.
- Analyse security incidents, create detailed incident reports, perform root cause analysis, recommend suitable corrective and preventive actions and plans
- Track the latest security vulnerabilities affecting the bank’s systems, recommend appropriate security patches, monitor patch implementation
- Monitor effectiveness of Anti-Virus implementation
- Manage the operations of intrusion – extrusion systems.
- Review and enhance the effectiveness of intrusion – extrusion systems.
- Coordinate with other departments to solve security issues and banking frauds.
- Assist in promoting activities to foster information security awareness within the Group.
- Update and communicate legislative/regulatory issues which impact the security program.
- Oversee the vendors and Group personnel responsible for safeguarding the Group's assets, intellectual property and computer systems.
- Ensure that all system data is secured from unauthorized inquiries, intrusions, user errors, and system failures. Identify and implement methods for protecting system integrity.
- Develop and maintain a secure list of active access groups and users. Retain confidential inventory and schematics of all access-controlled points and access panels.
- Recommend software and technology modifications. Establish standards for credentials and technical applications.

Learning & Knowledge:
- Provide direct information security training to all Group personnel, as and when required.
- Possess an understanding of business processes and controls in all related operational areas.
- Coordinate with an expert understanding of information security issues, best practices, and a working knowledge of IT systems.
- Address and resolve complaints of departmental/ unit personnel and manage/ assess their performance.

Other:
- Maintain confidentiality with respect to commercially sensitive information.

Requirements

- Bachelor/ Master’s Degree preferably in computer science, computer engineering or related subjects.
- Professional certification such as CISSP, GSEC, CISA
- Minimum of 5 to 7 years’ experience in a major bank, of which at least 3 years’ experience in the total ambit of information security.

Required Special Skills:
- Intelligent, articulate and persuasive leader.
- Deep understanding of system architectures, networks and evolving technology.
- Ability to communicate information security-related concepts to a broad spectrum of technical and non-technical staff.
- Risk Management skills (risk identification, risk assessment, risk mitigation) along with extensive knowledge in disaster recovery planning.
- Maintain an understanding of all pertinent local and international regulations as well as best practices pertaining to information security.
- Excellent oral and written communication skills in English and Arabic (preferred).
- Well-developed analytical and interpersonal skills.
- Self-motivated, eye for detail.
- Ability to persuade others.
- Flexible team player and able to work and deliver under pressure.
- Ability to inspire and motivate others to gain commitment.
- Exercise high degree of initiative and thinking to perform complex tasks where no procedures or processes are available.

Operating Environment/ Location:
- Located at the Headquarters with visits to domestic and overseas entities, as and when required/ considered necessary.

Framework and Boundaries:
- Group’s overall strategic plan.
- Budgetary/ scorecard targets.
- Applicable policies, procedures and guidelines including pertinent regulations and related best practices.
- Delegated and re-delegated authorities as per the delegation of authority structure.
- Instructions of the Head of Information Security, Head of IT Security and Regulations.

Communications and Working Relationships:
- Heads of Group departments/ divisions/ units.
- Regulatory authorities, external auditors, external professional associations/ bodies, external consultants etc.

About the Company

Building businesses, changing lives

At Tandem, we’ve built a vast network of top-tier professionals across the globe. We empower businesses to thrive by delivering unmatched talent solutions. With our global reach, collaborative approach, and unwavering commitment to excellence, we drive transformative growth and shape exceptional teams.

Who we are.

We are a team of industry experts, driven by a passion for innovation and excellence. We are dedicated to providing unique talent solutions and nurturing collaborative partnerships that redefine success.
