This position is no longer open for applications

Sr Information Security Risk Analyst

Sr Information Security Risk Analyst (JO013383) Qatar

Primary Purpose of the Job

Enhance the information security posture of the company (IT and OT) by assessing and managing risks as per the corporate information security risk management standard. Assure effective mitigation and communication of the risks to management and business owners. Be an expert advisor (technical and administrative) for the management of risks.

 Principal Accountabilities

  • Ensure compliance with the Corporate Information Security Risk Management Standard;
  • Perform risk management during multiple phases of project lifecycle;
  • Identify critical information systems and supporting systems for the company business processes and projects;
  • Conduct periodic / ad hoc information security risk assessments for the IT and OT landscape;
  • Evaluate existing information security controls, impact and information security risks;
  • Propose cost-effective information security controls for the remediation of risks;
  • Communicate risks and the mitigation actions to the business stakeholders;
  • Provide support and expert advice during implementation of controls and remediation of the risks;
  • Develop risk acceptance reports and communicate risks to the business if required;
  • Perform assurance of information security controls;
  • Develop and manage the information security risk register;
  • Define metrics for continuous monitoring and reporting of effectiveness of the controls;
  • Develop and maintain a security controls framework in compliance with state law, international standards and best practices;
  • Review and provide security inputs in the form of SOW, contractual agreements, security controls, etc. for the scope of the projects and solutions;
  • Drive, implement and manage security projects for the department;
  • Provide security advisory services by supporting the business in cyber and information security requirements;
  • Be the security advisor for the IT change management board;
  • Provide visibility into the information security risk profile resulting from the lack of security controls and into the effectiveness of controls;

 Decision Making Authority

Inform and report information security risks to business stakeholders and information security management. Validate the implementation of information security mitigation plans.

Context | Special Features / Challenges

This position requires extensive technical skills in both OT and IT domains, and deep knowledge of identifying, classifying, and evaluating information security risks. The position requires technical knowledge to provide the most cost-effective controls. He/she must be able to develop/validate mitigation plans.

Qualifications | Knowledge | Skills | Experience

  • Bachelor's degree in information security, computer science, or systems engineering
  • Professional certifications related to information security, such as ISO27001, ISO27005, CISSP, CISA, GIAC, CEH or others
  • 10 years of relevant professional experience.
  • Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas
  • Ability to communicate the urgency and severity of complex risk scenarios in simple language
  • Knowledge of fundamental security principles and challenges in their practical application
  • Knowledge of information security capabilities and requirements analysis
  • Excellent written and verbal business communication skills