Overview
Information security governance ensures that an organization has the correct information security structure, leadership and guidance. It helps ensure that the company has the proper processes and administrative security controls in place to mitigate risk.

Job Summary:
Lead the ongoing development of the Information Security Management System (ISMS), including alignment with the Qatar Cybersecurity Framework (QCSF) and the National Information Assurance Policy (NIAP – Qatar), and the effective provisioning of information security governance. Provide leadership in embedding a positive culture of information security awareness and compliance organization-wide. Manage and improve the organization's security posture while ensuring compliance with industry standards and regulations.

Objectives of the Role:
Develop, implement and maintain a robust IT governance framework aligned with industry standards and organizational goals.
Create and review IT policies, procedures and standards for compliance and operational efficiency.
Conduct regular reviews of governance practices to ensure they are up to date with regulatory changes and best practices.
Ensure the governance framework is consistently applied across all IT operations and projects.
Collaborate with stakeholders to ensure alignment between IT governance objectives and business strategies.
Lead the design and implementation of security measures to prevent unauthorized access and data breaches.
Oversee the development and execution of cybersecurity initiatives aligned with business needs.
Implement security technologies such as firewalls, encryption tools and intrusion detection systems (IDS).
Regularly assess the security posture and adapt the strategy to address emerging threats.
Manage and maintain the information security management program and its documentation (policies, procedures, manuals, etc.).
Manage the business continuity program, its team(s) and resources.
Ensure compliance with relevant regulations (e.g., GDPR, HIPAA, SOX, PCI DSS) and industry standards (e.g., ISO/IEC 27001).
Create and maintain documentation for compliance audits, regulatory reporting and risk assessments.
Coordinate and facilitate internal and external audits of IT governance and security processes.
Ensure the organization adheres to data privacy and protection regulations.
Monitor compliance with internal IT policies and procedures.
Identify and assess IT security risks through regular risk assessments and vulnerability scans.
Develop and implement a comprehensive risk management plan for identifying, evaluating and mitigating risks.
Oversee the creation of incident response plans for handling security breaches and cyberattacks.
Lead investigations into security incidents, document findings and initiate corrective actions.
Coordinate with relevant teams to ensure a quick and effective response to security incidents.
Security incidents: ensure and lead security incident management and response.
Information security KPIs: follow up with teams to ensure that ISMS performance is monitored and reported as and when required.
Information security information provision: ensure security-related information is provided as required, both internally and externally to the company.
Skills and knowledge development: ensure the skill sets of assigned teams are kept up to date.
Act as the primary point of contact for all IT governance and security-related matters across the organization.
Collaborate with business units to ensure the integration of governance and security practices into business operations.
Provide regular updates to executive leadership on the status of IT security, risk management and compliance initiatives.
Develop and present detailed reports on security risks, incidents and mitigation plans for senior management and board meetings.
Work with external stakeholders (vendors, partners) to ensure governance and security standards are upheld.
Information security awareness: ensure that information security awareness is promoted throughout the business.
Evaluate and manage security risks associated with third-party vendors and partners.
Review vendor contracts and ensure security requirements are clearly defined and included.
Assess third-party security practices through audits, assessments and questionnaires.
Implement and manage third-party access controls, ensuring secure integration into the organization's systems.
Conduct periodic reviews of third-party vendors to ensure ongoing compliance with security and governance standards.
Coordinate and manage regular penetration testing to assess system vulnerabilities and potential threats.
Lead security audits, ensuring all IT systems, policies and controls are tested for compliance and effectiveness.
Address findings from security audits, implementing corrective actions to mitigate identified vulnerabilities.
Monitor and report on the results of penetration testing and audits to senior management.
Work with development and infrastructure teams to ensure that issues identified during audits are addressed in a timely manner.

Qualifications, Certificates & Skills:
Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity or a related field, or in Information Security, Business Administration or a related field; preferred but not mandatory.
10+ years of overall IT experience, with 5+ years in cybersecurity and governance.
CISSP – Demonstrates expertise in cybersecurity and IT governance.
CISM – For individuals focusing on managing and governing an organization's information security program.
CISA – Useful for professionals involved in auditing, control and assurance of information systems.
CRISC – Specialized in risk management and control within IT environments.
ISO/IEC 27001 Lead Implementer or Lead Auditor – For those overseeing information security management systems (ISMS) and ensuring compliance.
COBIT 5 or COBIT 2019 certification – Useful for IT governance frameworks and managing IT risk and performance.
NIST Cybersecurity Framework certification – Understanding of NIST standards for managing cybersecurity risks.
Cybersecurity technologies: knowledge of firewalls, IDS/IPS, endpoint protection, VPNs, encryption technologies and vulnerability management tools.
Risk management tools: experience with risk management platforms and tools such as RSA Archer, RiskWatch or similar.
Network security: familiarity with network security protocols, VPNs, DNS security and secure network architectures.
Security Information and Event Management (SIEM): experience with SIEM tools for real-time monitoring and response.
Governance, Risk and Compliance (GRC) platforms: familiarity with GRC tools for managing IT compliance and risks.
Cloud security: expertise in securing cloud environments (AWS, Azure, GCP) and understanding of the shared responsibility model of each cloud platform.
Identity and Access Management (IAM): knowledge of IAM tools such as Okta, Active Directory or similar solutions.
Penetration testing and vulnerability scanning: experience using tools such as the Kali Linux toolset, Nessus or OpenVAS for testing vulnerabilities in systems and applications.
Security architecture: knowledge of designing secure IT infrastructures and systems based on industry standards and frameworks.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Manufacturing
Security • Doha, Qatar