Job description / Role
The Information Security Officer (ISO) will serve as the focal point for security compliance related activities and responsibilities. The ISO is generally responsible for obtaining or developing the IT Department policies and procedures, reviewing the conduct of those assigned to specific security duties, and administering the reviews relating to the overall security program. The ISO conducts and implements all security audits and tasks of the risk and threat plan in accordance with standards, policies and procedures, to ensure that the integrity, confidentiality and availability of information are not compromised across the Entity.
The ISO needs to ensure that appropriate security measures are in place, properly maintained and administered, and that the Company's systems are protected against external or internal threats, attacks or attempts to penetrate the defenses of the network. The ISO will also be responsible for ensuring that training programs are conducted to enhance general security awareness among business users.
• Assist in the implementation and enforcement of the ISMS (Information Security Management Systems)
• Carries out checks and audits on security devices such as firewalls, IDS, VPN, etc. to ensure compliance with policies and standards
• Conducts active internal penetration tests; discovers vulnerabilities in information systems
• Provide periodic reporting on information security issues to IT Manager.
• Participate in identifying, assessing and analyzing security risks, threats, gaps and vulnerabilities of the information
• Participate in the implementation of corrective measures in accordance with local and international standards and security policies National information
• Planning, implementing, designing and reviewing security policies, procedures, guidelines and technical standards that ensure protection against threats to information systems
• Act as a specialist in security solutions and in complex tasks.
• Closely follow and respond to MOI/QCERT directives in a timely manner
• Review server monitoring systems and assess the IT admins' usage
• Manages and supports networking and security services in LAN, WAN and Internet network infrastructure
• Testing – responsible for testing any new system or process which contains security elements before release to the live environment and periodically coordinating external vendor efforts to test Company's external defenses.
• Carries out detailed forensic activities in case of investigations and prepares Root Cause Analysis reports for the management
• Operations Control and Security of Company's Systems – operationally responsible for ensuring that Company's systems are protected and user access and scope are appropriate to the business requirements
• Participate in the implementation of all relevant projects.
Qualifications, Experience and Skills:
• Degree in Computer Science or a technology-related field
• Should have a minimum of 4 years' sound experience in Security Architecture and hands-on experience in assessments and implementation of security technologies
Job Specific Skills:
• CISSP, CISA, ECIH, GCIH, CEH
• Professional information security certification.
• Knowledge of data integrity protection processes at the system level
• Experience in an information security role.
• Solid knowledge of various information security frameworks.
• Excellent problem-solving and analytical skills.
• Ability to educate a non-technical audience about various security measures.
• Effective verbal and written communication skills.
• Security penetration tests and corrective actions
• Patch management skills with proper deployment techniques
• Preparation and delivery of impact and privacy assessment (PIA), sensitivity statement (SOS), risk and threat assessments (TRA) and vulnerability assessments (VA).
About the Company
A leading Financial Organization in Qatar.