Skills: IT - Analysis & Management
Experience: 10+ Years
Education: Bachelors/3-5 yr Degree
INFORMATION & COMMUNICATION TECHNOLOGY
SR. INFORMATION SECURITY ANALYST (Governance, Risk & Controls)
Primary Purpose of Job
Governance and execution of the Information Security Management System (ISMS), including developing the policies, standards and procedures required for corporate information security in both an information technology (IT) and operational technology (OT) capacity. Define required information security policies, standards and procedures related to their areas of operation, as well as raising awareness of those policies, standards and procedures. Conduct compliance and operational maturity assessments to ensure optimal operation of the information and operational technology environments under the guidelines of the ISMS.
• Bachelor's degree in information security, computer science, or engineering.
• Professional certifications in information security management and standards compliance (e.g., CISSP, CISA, GIAC, ISO 27001, etc.) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework).
Experience & Skills
• 10+ years of relevant professional experience.
• Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas.
• Experience with and understanding of customized information security management systems.
• Experience in information security awareness initiatives and community building.
• Knowledge of information security capabilities and requirements analysis.
• Knowledge of relevant state laws, industry regulations, and security standards.
• Excellent written, verbal and presentation communication skills.
• Maintain and improve the Information Security Management System (ISMS) and implement and maintain ISMS-related standards, documentation and practices.
• Identify, document and validate evolving governance requirements in support of ISMS improvements and align and integrate information security standards and practices with standards and practices of other Directorates.
• Periodically assess compliance and maturity within Qatar Petroleum and report status against adopted standards, national information security-related regulations and maturity model.
• Maintain updated mappings of compliance checklists to national laws and regulations.
• Participate in the information security incident management process where necessary to ensure the operational availability, integrity and confidentiality of Qatar Petroleum environments.
• Represent the Information Security Department internally within Qatar Petroleum (e.g., Change Advisory Panel, Projects, etc.) and externally with government bodies as directed.
• Actively engage directorates in order to build a collaborative information security environment and community, championing "grass roots" efforts to improve information security throughout the organization.
• Coordinate and align activities between Information Security and Business Continuity and liaise within QP-IT to ensure business continuity and disaster recovery plans are in place, tested, and report regularly.
• Drive, implement and manage security projects for the department.