Company: QatarEnergy
Skills: IT - Analysis & Management
Experience: 10 + Years
Education: Bachelors/3-5 yr Degree
Location: Qatar



Primary Purpose of Job
QatarEnergy is expanding its trading services and data flows globally to its consumers for communication and e-business. As global interconnectivity grows, so does the exposure to the risk of cyberattacks. To enhance the information security posture of trading, we are looking for a Sr. Security Assurance Engineer to manage risks as per the corporate information security risk management standard, assure the effectiveness of the mitigation controls, and communicate the risks to management and business owners. The role provides hands-on development of risk models, assures that controls are operating effectively, and provides analytical support on all trading solutions and services.

Principal Accountabilities:
1. Designing and implementing an overall risk management process for corporate trading services and processes, which includes an analysis of the financial impact on the company when cyber risks occur.
2. Performing risk assessments in alignment with the Information Security Risk Management Standard to analyze current risks and to identify and evaluate potential risks that affect the trading activities.
3. Performing risk reporting tailored to the relevant audience (informing the board of directors about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for security risks).
4. Creating business continuity plans and developing risk mitigations to limit risks.
5. Propose cost-effective information security controls for the remediation of risk and evaluate existing information security controls, providing assurance of control implementations as required.
6. Develop and manage the information security risk register, including the development of risk acceptance reports, and communicate risks to the business if required.
7. Measure the security maturity of the trading system's cybersecurity exposure, and provide detailed findings, strategic recommendations, and an actionable road map.
8. Strengthen defenses against data loss.
9. Define trading-risk-management policies and monitor compliance with state law and standards.
10. Drive, implement and manage security projects for the department.

• Bachelor's degree in information security, computer science, or systems engineering
• Professional certifications related to information security, such as ISO27001, ISO27005, CISSP, CISA, GIAC, CEH or others

Experience & Skills
This position requires extensive risk management and assurance analytics skills in both trading and financial activities.
• Deep knowledge of identifying, classifying, and evaluating information security risks.
• 10+ years of relevant professional experience
• Excellent quantitative and analytical skills, along with the ability to apply those skills across trading business processes.
• Knowledge of fundamental security principles and the challenges in their practical application
• Knowledge of information security capabilities and requirements analysis
• Solid knowledge of addressing threat vectors such as formjacking, supply chain hacks that exploit third-party services and software, ransomware attacks, zero-days and APT attacks.
• Ability to communicate the urgency and severity of complex risk scenarios in simple language
• Excellent written and verbal business communication skills