Job description / Role
• Primary responsible for planning, coordinating and organizing information Security activities
• Enforce and monitor the implementation and compliance with IT Information Security Policy.
• Develop and manage the implementation of Information Security Policies and Procedures.
• Ensure Risk Assessments are conducted on all information systems such as people, process, technology and information processing facilities.
• Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.
• Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.
• Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.
• Supervise other related assurance functions, as necessary
• Ensure the compliance of Information Security Policies in the organization.
• Develop and ensure implementation of Information Security procedures.
• Develop and ensure implementation of incident handling and reporting.
• Follow-up, escalate and report the resolution of Information Security issues identified during security assessments, penetration tests and audits.
• Develop, implement and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/ IT Service Contingency Plan.
• Conduct and coordinate Information Security awareness and orientation programs
• Responsible for conducting Committee meeting.
• Incident Management: Establish a formal procedure for internally reporting and tracking security incidents ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents.
• Incident Handling: Participate and/or oversee in the investigation and management of information security events and policy violations and track to conclusion.
• Incident Notification and Reporting: Follow policy for the notification and reporting of incidents immediately upon discovery.
• Lessons Learned: Develop and document corrective action plans and implement Preventive actions to mitigate recurrence.
• Analyze a Security incident to detect an underlying problem exists, or is likely to exist.
• Categorize and prioritize the problem based on the frequency, severity and impact of incident
• Investigate and diagnose the root cause of the problem
• Test and apply the temporary workarounds
• Document the known error record
• Risk Management Program: Create a formal process to address risk through the coordination and control of activities regarding each risk.
• Risk Assessment: Conduct formal vulnerability assessments of the environment on a regular basis.
• Provide guidance and direct input to the development plans and performance management of direct reports to meet the objectives.
• Operational Procedures: Lead in the development and documentation of operating procedures
• Protecting Against Malicious Code: Activities required for the prevention and detection of malicious code, which could cause a disruption in business.
• Backup Functions: Lead activities required for the integrity and availability of information and systems.
• Network Security Management: Activities required for the protection of networks and supporting infrastructure.
• Media Handling: Activities for the prevention of unauthorized disclosure, modification, removal, or destruction of information
• Exchange of Information: Lead in the development and implementation of a formal information and application exchange with internal and external entities.
• Electronic Messaging: Lead in the development of policies and procedures needed to protect electronic messages and systems.
• Electronic Online Services: Lead in the development of security measures to ensure the integrity and confidential of information systems accessed from outside.
• Monitoring: Ensure that operational policies and procedures are being followed.
• Internal Compliance: Implement internal procedures to ensure compliance requirements are met, organizational records are protected and controls are in place.
• External Compliance: Ensure Aspire zone foundation is adhering to all applicable laws, regulations, statutes, and state requirements."
• 8-10 years of experience in systems, Network & IT security;
• 5-6 Year of experience in Information Security;
• Management skills.
• Bachelor’s engineering degree in Computer Science/Electronics & Communication Science.
• Certification in Information Security by an international established, approved consortium like ISACA, ISC2 etc.
• Subject matter expert in Information Security "
About the Company
INTALEQ is a Qatar based Sports & Entertainment Technology Solutions and Services provider aspiring to be a global technology player in the niche fields of Sports and Entertainment Technology. Established as a joint venture between Aspire Zone Foundation in Qatar and Ooredoo, a Qatar based global telecom services provider, INTALEQ is a spin off from the technology team of Aspire Zone Foundation and is currently playing a lead role in the country’s preparation for the World Cup Football Tournament in 2022.
Over the years, INTALEQ has created several innovative IT products and solutions related to Sports Venue Management and Event Management that have been deployed for a wide range of events & tournaments hosted within Aspire Zone Foundation’s multi-sports complex since the Doha Asian Games in 2006. The highly skilled team of in-house Sports Technology professionals have also been instrumental in the creations of several unique solutions across multiple areas of Sports Science, Sports Performance, Sports Medicine and in addition several unique Fan Engagement Solutions. With the World Cup at its door steps, Qatar is also going through transformation in its Sports technology sector where INTALEQ is playing a lead consulting and service provider role.
With our deep rooted passion for sports, INTALEQ believes that it can contribute to the success of any sports entity or event organizer by establishing long-lasting partnerships that leverage our wealth in sports technology for the betterment of sports, athletes and the global fan community.
Information Security Officer
Arab Payment Services (APS)
IT Manager (Financial Institution)
Stratus Recruitment International
IT Audit Manager - Information Security