Talent.com
SR. INFORMATION SECURITY ANALYST

SR. INFORMATION SECURITY ANALYST

QatarEnergyDoha, Ad-Dawhah, Qatar
منذ أكثر من 30 يومًا
الوصف الوظيفي

Overview

Join to apply for the SR. INFORMATION SECURITY ANALYST role at QatarEnergy

Primary purpose of the job

Governance and execution of the Information Security Management System (ISMS) including developing policies, standards and procedures required for the corporate information security in both an Information technology (IT) and Operational Technology (OT) capacity. Define required information security policies, standards and procedures related to their areas of operation as well as raising awareness of those polices, standards and procedures. Ensure adequate and effective IT controls exist to meet applicable current and future security compliance requirements. Conduct compliance and operational maturity assessments to ensure optimal operation of the information and operational technology environments under the guidelines of the ISMS. Develop reporting metrics, dashboards and evidences of compliance activities. Coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments, due diligence review and security requirements definition. Maintain third-party assessment documentation. Stay updated on the latest security trends, emerging threats and best practices to continuously improve the overall security posture. Coordinate and align activities between Information Security and Business Continuity, and liaise within IT Department to ensure business continuity and disaster recovery plans are in place, tested, and report regularly. Carry out other Security related activities as assigned by team Lead.

Responsibilities

  • Governance and execution of the ISMS, including developing policies, standards and procedures for IT and OT security.
  • Define information security policies, standards and procedures and raise awareness among stakeholders.
  • Ensure IT controls meet current and future security compliance requirements.
  • Conduct compliance and operational maturity assessments of IT and OT environments.
  • Develop reporting metrics, dashboards, and evidences of compliance activities.
  • Coordinate with IT stakeholders, project managers, and business owners for vendor risk assessments and due diligence.
  • Maintain third-party assessment documentation.
  • Stay updated on security trends and best practices to improve security posture.
  • Coordinate with Business Continuity and IT to ensure disaster recovery plans are in place and tested.
  • Perform other security activities as assigned by team lead.

Required experience and skills

  • 10+ years of relevant professional experience.
  • Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas.
  • Experience with and understanding of customized information security management systems.
  • Experience in defining Governance, Risk, and Compliance (GRC) processes and leveraging industry-standard GRC tools and products.
  • Knowledge of information security capabilities and requirements analysis.
  • Knowledge of relevant state laws, industry regulations, and security standards.
  • Excellent written, verbal and presentation communication skills.

    • Educational qualifications

    Bachelor degree in information security, computer science, or engineering.

  • Professional certifications in information security management and standards compliance (e.g., CISSP, CISM, CRISC, GIAC, ISO27001, etc.) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework).

    • Seniority level

  • Not Applicable

    • Employment type

  • Full-time

    • Job function

  • Information Technology

    • Industries

  • Oil and Gas

    • #J-18808-Ljbffr

    إنشاء تنبيه وظيفي لهذا البحث

    Information Security Security • Doha, Ad-Dawhah, Qatar