Skills: IT - Analysis & Management
Experience: 5+ Years
Education: Bachelors/3-5 yr Degree
No location/work authorization restrictions found.
SR. INTERNAL AUDITOR
Primary Purpose of Job
1. Conducting IT and cyber security audits of complex information technology, including evaluating whether security vulnerabilities are properly identified and mitigated.
2. Assess the design and effectiveness of QP's IT controls.
3. Review and validate the compliance of computing environments against internal and external requirements for confidentiality, integrity and availability of information.
4. Analyze security practices for logical, physical, and operational security.
5. Conducting fieldwork to gather and/or verify information and ensuring all procedures and testing necessary to meet audit objectives take place; conducting tests of internal controls for audits of IT infrastructure, networks, cybersecurity, telecommunications and other technical services.
6. Perform assessments of systems and networks within the network environment and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.
7. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
1. Bachelor's degree in Computer Science, Information / Cyber Security or a related field.
1. Certification(s) such as Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) or Certified Information Systems Security Professional (CISSP)
2. Experience in Operational Technology (OT) Security a plus
Experience & Skills
1. Five years of information system audit or security experience (preferably in the Oil & Gas industry)
2. Must have solid knowledge of Active Directory, databases (Oracle, SQL Server), virtual networks, firewalls, cloud-based technologies, application development methodologies, ERP systems such as SAP ERP / SAP Hana
3. Experience with information security management frameworks (e.g., NIST, ISO, SANS Top 20 Critical Security Controls, COBIT and ITIL)
4. Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
5. Computer networking concepts and protocols, and network security methodologies.
6. Risk management processes (e.g., methods for assessing and mitigating risk)
7. Business continuity and disaster recovery continuity of operations plans.
8. Understanding of fundamental business processes, risks, controls, and security controls (e.g., Access Management, Logical and Physical Security, Networking security standards, ISO standards, Data Privacy and security best practices)
Qatar Petroleum is an integrated national oil company (NOC) responsible for the sustainable development of the oil and gas industry in Qatar and beyond.
Qatar Petroleum’s activities encompass the entire spectrum of the oil and gas value chain locally, regionally, and internationally, and include the exploration, refining, production, marketing and sales of oil and gas, liquefied natural gas (LNG), natural gas liquids (NGL), gas to liquids (GTL) products, refined products, petrochemicals, fertilizers, steel and aluminum.
Qatar Petroleum is committed to contributing to a better future by meeting today’s economic needs, while safeguarding our environment and resources for generations to come. Thriving on innovation and excellence, Qatar Petroleum is bound to the highest levels of sustainable human, socio-economic, and environmental development in Qatar and beyond.
For more information, please visit www.qp.com.qa