Skills: IT - Analysis & Management
Experience: 10 + Years
Education: Bachelors/3-5 yr Degree
INFORMATION & COMMUNICATION TECHNOLOGY
SR. INFORMATION SECURITY RISK ANALYST
Primary Purpose of Job
Enhance information security posture of QP (IT and OT) by assessing and managing the risks as per the corporate information security risk management standard. Assure effective mitigation and communication of the risks to the management and business owners. Provide expert advice (Technical and administrative) for management of the risks. Inform and report information security risks to business stakeholders and information security management. Validate information security mitigation plans implementation.
• Bachelor degree in information security, computer science, or systems engineering.
• Professional certifications related to Information security like ISO27001, ISO27005, CISSP, CISA, GIAC, CEH or others.
Experience & Skills
• Knowledge of fundamental security principles and challenges in their practical application
• Knowledge of information security capabilities and requirements analysis
• 10+ years of relevant professional experience.
• Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas • Ability to communicate the urgency and severity of complex risk scenarios in simple language
• Excellent written and verbal business communication skills • Ensure compliance to Corporate Information Security Risk Management Standard and provide security advisory services.
• Perform periodic risk management activities within IT and OT during multiple phases of project lifecycle, communicate risks and mitigation actions to business stakeholders and support the business in defining cyber and information security requirements.
• Identify critical information systems and supporting systems for QP business processes and projects
. • Propose cost effective information security controls for the remediation of risk and evaluate existing information security controls, providing assurance of control implementations as required.
• Develop and manage information security risk register, including the development of risks acceptance reports, and communicate risks to the business if required.
• Develop and maintain security controls framework in compliance with state law, international standards and best practices as well as metrics for reporting control effectiveness.
Qatar Petroleum is an integrated national oil company (NOC) responsible for the sustainable development of the oil and gas industry in Qatar and beyond.
Qatar Petroleum’s activities encompass the entire spectrum of the oil and gas value chain locally, regionally, and internationally, and include the exploration, refining, production, marketing and sales of oil and gas, liquefied natural gas (LNG), natural gas liquids (NGL), gas to liquids (GTL) products, refined products, petrochemicals, fertilizers, steel and aluminum.
Qatar Petroleum is committed to contribute to a better future by meeting today’s economic needs, while safeguarding our environment and resources for generations to come. Thriving on innovation and excellence, Qatar Petroleum is bound to the highest levels of sustainable human, socio-economic, and environmental development in Qatar and beyond.
For more information, please visit www.qp.com.qa