senior information security risk analyst - Doha, دولة قطر - RIGZONE PETROLEUM COMPANY

    RIGZONE PETROLEUM COMPANY
    RIGZONE PETROLEUM COMPANY Doha, دولة قطر

    منذ أسبوعين

    Default job background
    وصف
    SENIOR INFORMATION SECURITY RISK ANALYST(Governance, Risk &Compliance)


    Primary Purpose ofJob

    The Senior Information Security RiskAnalyst is tasked with enhancing the information security postureof QatarEnergy in both IT and OT environments by assessing andmanaging cyber and information security risks.

    He/She activelyparticipates in projects during all phases of implementation andoperation, provides expert technical and procedural direction toidentify and manage cyber and information security risks, andmonitors progress of activities to manage and report identifiedrisks.


    Education

    • Bachelor degree in information security, computer science, orsystems engineering.
    • Professional certifications relatedto Information security (e.g., ISO27001, ISO27005, CISSP, GICSP,CISA, GIAC, CEH,etc.)

    Experience &Skills

    • Knowledge of fundamentalsecurity principles and challenges in their practical application
    • 10+ years of relevant professional experience
    • Experience with large ICS & ICT environments in the Energysector, preferably in Oil & Gas
    • Knowledge ofinformation security capabilities and requirements analysis
    • Perform periodic risk management activities in IT and OTduring the phases of project lifecycle, communicate risks andmitigation actions to stakeholders, and support the business indefining cyber and information security requirements
    • Identify critical information systems and supporting systems forbusiness processes and projects
    • Evaluate effectivenessof existing information security controls
    • Propose costeffective information security controls for the remediation of risk
    • Manage information security risk register, including thedevelopment of risks acceptance reports, and communicate risks tothe business as required
    • Maintain security controlsframework in compliance with state law, international standards andbest practices
    • Define and evaluate metrics for reportinginformation security control effectiveness
    • Communicatethe urgency and severity of complex risk scenarios in simple,effective language
    • Excellent written and verbal businesscommunication skills