Information Security Officer
Doha, Qatar
Swan Global
Position Name: Information Security Officer
Education: Bachelor’s degree in computer science or
any other equivalent field
Experience: Minimum of 4 years of Information Security
experience
Position Type: Permanent
Job Summary and Purpose
Drive a strong and robust Information Security Management
System (ISMS) in the organization through threat/vulnerability detection,
security scanning, penetration testing, security monitoring, vulnerability
mitigation, threat mitigation, identifying IT/OT security risks and other
related information security activities.
Ensure adherence to the various information security
standards and provide technical consultation on Information
Security issues.
Key Accountabilities:
Information Security Management:
2. Collate information from the conducted assessments and recommend appropriate remedial steps.
3. Develop, review, improve, and update information security policies, procedures, guidelines, and other related documents.
4. Provide support to build the organization-wide information security awareness and training programs. Contribute and provide content for awareness activities.
5. Monitor, evaluate and ensure the segregation of duties on all systems to mitigate the risk of unintentional and/or deliberate system misuse.
6. Ensure compliance with the applicable internal and international information security standards (e.g. NIA, ISO27001).
7. Monitor changes or updates in any applicable law, regulation or accreditation standards pertaining to Information Security, and ensure compliance as required.
8. Ensure appropriate administrative and technical safeguards are in place to protect information assets from internal and external threats. Coordinate physical safeguards for those assets with the General Services department.
9. Liaise and maintain contact with governmental authorities, regulatory bodies, security groups and industry forums in the field of Information Security.
10. Prepare security baselines and safeguard applications, operating systems, and infrastructure devices by adopting the latest standards.
11. Resolve information security issues and improve the Information Security performance by providing technical consultation in system development, acquisition, procurement, implementation, change management, operation/support and architectural and other ad-hoc projects.
12. Assist all organizational units in areas related to Information Security and follow the related processes to provide support.
Accountabilities - 2
14. Review technical information in the requirements statements, feasibility analysis, operating procedure manuals, and other documents produced in the process of system development.
15. Monitor and assess IT systems security, system audit trails/logs and the validity of system configurations whenever required.
16. Assist in vulnerability mitigation, e.g. software/system patching carried out through the IT department.
17. Assist in performing ongoing security monitoring of information systems, including assessing information security risk and conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
Key Result Areas
• Develop, coordinate and conduct organization-wide information security awareness programs and training.
• Prepare Information Security related risk assessments, reports and other relevant documentation.
• Conduct the required activities to identify threats and vulnerabilities for IT and OT infrastructure.
• Monitor various Information Security systems.
• Drive the vulnerability patching.
Qualifications:
• Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and Certified ISO27001 Lead Implementer are preferred.
• A globally recognized certification in the Information Security domain is preferred, for example CISM or ISO27001LA.
Experience:
• Minimum of 4 years of Information Security experience.
• IT background is preferred.
Job Specific Skills:
• Ability to manage pressure, prioritize needs and requirements, and interact positively with company users and external parties.
• Ability to troubleshoot and investigate information security incidents.
• Knowledge of Information Security Management System (ISO 27001) and other Information Security frameworks (NIST).
• Security related qualifications (e.g. CISSP, CISM, CEH, ISO 27001 LI/LA).