Head of Cybersecurity

Qatar Foundation

Head of Cybersecurity Job Vacancy In Doha, Qatar

Key Result Areas:

Lead and manage a detailed and effective cybersecurity framework and roadmap, along with a practical action plan to implement it and measures to assess it.
Provide leadership and hands-on guidance for all security governance, risk and compliance related initiatives.
Lead the Risk and Security team responsible for integrating IT & Security strategy, combining industry leading physical and digital security practices, and associate knowledge capabilities, with cyber security elements such as data security practices, monitoring, and response activities across the organization.
Direct and drive the assessment, creation, and implementation of information security standards, policies and practices, leading to a highly visible, high-impact program that is recognized and valued by associates and executives.
In cooperation with the IT Directors, develop, design and implement innovative and effective security practices and processes to protect the organization's valuable technology assets from harm or loss.
Identify, develop, implement, and maintain security standards, processes, controls, practices, procedures, and policies throughout the organization.
Participate in various committees, audits and examinations, and handle and lead the creation of the adopted IT governance and security framework.
Responsible for the management of information security policies and standards across different security domains which provide an organizational management of IT security risks and controls.
Ensure that IT compliance and best security practices are considered in projects, initiatives, new implementations and operational tasks.
Oversee the information compliance with respect to the General Data Protection Regulation and information security best practice and analyze the impact of new regulatory requirements.
Work closely with the IT Department Heads and managers to identify and manage IT-related risks and provide a systematic approach to risk mitigation.
Proactively understand, assess and document key IT risks and implement relevant controls to manage identified risks.
Collaborate with and lead a team of professionals to ensure that IT threats, risks, and vulnerabilities within the QF network are assessed, identified, treated and managed properly.
Develop a master information security roadmap program detailing the cybersecurity posture of QF and an action plan for mitigating and tracing threats pertaining to the QF network and environment.
Improve the security of the organization’s information and information assets and minimize the threat of damage resulting from intrusions through a set of programs, by performing capability assessments and security risk assessments, including cloud security.
Drive cloud security best practices in IaaS/PaaS and SaaS implementations.
Interface and support all the audit exercises conducted with internal or external auditors.
Prepare publications and various forms of communications to raise awareness of Security & compliance requirements and standards
Act as an escalation point for IT security practices, security non-compliance issues, and IT policy and process problems.
Report, manage, track, escalate, and close cases related to active and passive compliance violations & incidents.
Develop and manage the Security Incident Response Program, and ensure security incident management best practice is developed and implemented.
Work closely with the CSOC service provider, oversee the security services contract, and lead the service improvement plans.
Interface directly with cybersecurity units in different governmental sectors, e.g., Q-Cert, MOI, NSOC.
Participate in the meetings with IT management and related committees to present findings and recommendations, as assigned.

Minimum requirements:

A bachelor’s degree in computer science, business administration, commerce or engineering.
8-10 years of relevant full-time work experience in an IT environment and business operations. 2-4 years of experience in IT security management and/or the risk management domain.
Must have a detailed and analytical approach with hands-on experience with project management tools (e.g., Microsoft Project) and strong organizational skills.
Certification in one or more of the following IT frameworks is recommended: ITIL, COBIT, ISO/IEC 27000, CISSP, CISM, CRISC, CISA, CIPP, CompTIA Security+ or similar certifications.
Shall have general knowledge of cybersecurity attack methodologies.
Experience with service-oriented architecture for cloud-based services and Cloud security practices
Strong knowledge of IT Standards, Risk and Compliance certificates such as ISO 27001 / ISO 38500
Must have the ability to manage stakeholders’ and senior management expectations.
Excellent interpersonal skills as well as written/oral communications skills are essential.
Excellent writing skills with ability to draft / edit a variety of written reports and other technical documents and articulate ideas clearly and concisely; Arabic proficiency is a plus
Proficiency in MS Office Applications
