SR. INFORMATION SECURITY ANALYST

Overview

Join to apply for the

SR. INFORMATION SECURITY ANALYST

role at

QatarEnergy Primary purpose of the job

Governance and execution of the Information Security Management System (ISMS) including developing policies, standards and procedures required for the corporate information security in both an Information technology (IT) and Operational Technology (OT) capacity. Define required information security policies, standards and procedures related to their areas of operation as well as raising awareness of those polices, standards and procedures. Ensure adequate and effective IT controls exist to meet applicable current and future security compliance requirements. Conduct compliance and operational maturity assessments to ensure optimal operation of the information and operational technology environments under the guidelines of the ISMS. Develop reporting metrics, dashboards and evidences of compliance activities. Coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments, due diligence review and security requirements definition. Maintain third-party assessment documentation. Stay updated on the latest security trends, emerging threats and best practices to continuously improve the overall security posture. Coordinate and align activities between Information Security and Business Continuity, and liaise within IT Department to ensure business continuity and disaster recovery plans are in place, tested, and report regularly. Carry out other Security related activities as assigned by team Lead. Responsibilities

Governance and execution of the ISMS, including developing policies, standards and procedures for IT and OT security. Define information security policies, standards and procedures and raise awareness among stakeholders. Ensure IT controls meet current and future security compliance requirements. Conduct compliance and operational maturity assessments of IT and OT environments. Develop reporting metrics, dashboards, and evidences of compliance activities. Coordinate with IT stakeholders, project managers, and business owners for vendor risk assessments and due diligence. Maintain third-party assessment documentation. Stay updated on security trends and best practices to improve security posture. Coordinate with Business Continuity and IT to ensure disaster recovery plans are in place and tested. Perform other security activities as assigned by team lead. Required experience and skills

10+ years of relevant professional experience. Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas. Experience with and understanding of customized information security management systems. Experience in defining Governance, Risk, and Compliance (GRC) processes and leveraging industry-standard GRC tools and products. Knowledge of information security capabilities and requirements analysis. Knowledge of relevant state laws, industry regulations, and security standards. Excellent written, verbal and presentation communication skills. Educational qualifications

Bachelor degree in information security, computer science, or engineering. Professional certifications in information security management and standards compliance (e.g., CISSP, CISM, CRISC, GIAC, ISO27001, etc.) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework). Seniority level

Not Applicable Employment type

Full-time Job function

Information Technology Industries

Oil and Gas

#J-18808-Ljbffr