لم يعد يتم قبول المزيد من الطلبات لهذه الوظيفة
- Bachelor degree in information security, computer science, or systems engineering.
- Professional certifications related to Information security (e.g., ISO27001, ISO27005, CISSP, GICSP, CISA, GIAC, CEH, etc.)
- Knowledge of fundamental security principles and challenges in their practical application
- 10+ years of relevant professional experience
- Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas
- Knowledge of information security capabilities and requirements analysis
- Perform periodic risk management activities in IT and OT during the phases of project lifecycle, communicate risks and mitigation actions to stakeholders, and support the business in defining cyber and information security requirements
- Identify critical information systems and supporting systems for business processes and projects
- Evaluate effectiveness of existing information security controls
- Propose cost effective information security controls for the remediation of risk
- Manage information security risk register, including the development of risks acceptance reports, and communicate risks to the business as required
- Maintain security controls framework in compliance with state law, international standards and best practices
- Define and evaluate metrics for reporting information security control effectiveness
- Communicate the urgency and severity of complex risk scenarios in simple, effective language
- Excellent written and verbal business communication skills
SENIOR INFORMATION SECURITY RISK ANALYST - Qatar, دولة قطر - QatarEnergy
وصف
DepartmentINFORMATION SECURITY INFORMATION & COMMUNICATION TECHNOLOGY
Title
SENIOR INFORMATION SECURITY RISK ANALYST (Governance, Risk & Compliance)
Primary Purpose of Job
The Senior Information Security Risk Analyst is tasked with enhancing the information security posture of QatarEnergy in both IT and OT environments by assessing and managing cyber and information security risks.
He/She actively participates in projects during all phases of implementation and operation, provides expert technical and procedural direction to identify and manage cyber and information security risks, and monitors progress of activities to manage and report identified risks.
Education