Minimum Experience: 15 years
Qualifications: Bachelor’s in Information Systems or Equivalent Work Experience
Job Description
Responsibilities:
· Develop, implement and maintain information security policies, procedures, standards and guidelines in compliance with NIA requirements, the National ICS standard or any other applicable standard the organization chooses
· Advise on plant security needs and act as a coordinator of security efforts and governance across the organization (Corporate as well as Plant)
· Ensure ongoing risk assessment/management of external and internal threats to ensure risk mitigation and security practices and controls remain appropriate
· Enhance existing information security metrics and provide ongoing management reporting on information security related issues and activities
· Act as the central point of contact within the company on information security problems, security issues and concerns
· Conduct information security awareness training and education programs.
· Contribute to the successful development and maintenance of a global security and risk framework for all the company
· Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
· Develop and enhance an information security management framework based on the National Information Assurance Policy
· Address security issues identified by internal/external audits and work with the business units to mitigate risk and define compensating controls
· Develop and implement all IT as well as OT Security policies and procedures, including those for architecture, security, disaster recovery, standards, purchasing, and service provision for security components of the company’s Corporate IT as well as Plant Operations systems
· Develop and maintain effective relationships at all levels to communicate the information security plan and integrate effective security within business processes and projects
· Benchmark, analyze, report on, and make recommendations for the improvement of the IT/OT infrastructure and IT/OT systems security
· Act as an advisor on IT/OT security related Procurements, bids and tenders
· Oversee negotiation and administration of vendor, outsourcing and consultant contracts for information security related engagements.
· Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
· Review audit trails, system logs and other monitoring data sources periodically and ensure they comply with policies and audit requirements.
· Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
· Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
· Manage security incidents and events to protect corporate as well as Plant IT assets, including intellectual property, regulated data and the company’s reputation.
· Monitor the external threat environment for emerging threats, and advise relevant stakeholders in IT and OT on the appropriate courses of action.
· Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
· Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
· Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
· Coordinate with Kahramaa and advise the Plant Operations and Maintenance Team on end-to-end security of the DCS/EDCS and SCADA-W/P links
· Manage security issues and incidents, and participate in problem and change management forums. Ensure timely reporting of, and adequate participation in the investigation of, ICT security incidents with Q-CERT and/or law enforcement agencies as applicable.
The ideal candidate should demonstrate:
· Solid technical knowledge and background of IT as well as OT information security technologies and practices
· Knowledge and understanding of risk assessment techniques and Business continuity practices
· Knowledge and understanding of international information security management systems as well as relevant local legal and regulatory requirements, such as NIA, ISO 27001, etc.
· Knowledge and understanding of Industrial Control Systems standards such as Qatar’s National ICS standard, IEC 62443, NERC CIP, etc.
· Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
· Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
· Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
· An understanding of operating system internals and network protocols.
· Experience in system technology security testing (vulnerability scanning and penetration testing).
· Familiarity with application technology security testing (white box, black box and code review).
· Knowledge of Information security Risk and audit methodologies
· Strong project and program management skills
· Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
· A strong understanding of the business impact of security tools, technologies and policies
· Excellent presentation and communications skills (both written and oral)
Experience and Qualifications:
· A minimum of Fifteen years of IT experience, with Ten years in an information security role on both IT as well as OT platforms
· A bachelor’s degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
· Certified Information Systems Security Professional (CISSP) issued by ISC2
Optional Certifications:
· NIA Certified Implementer (Qatari Information security standard –National Information Assurance)
· Industrial Control Systems security certifications
· Certified Information Systems Auditor (CISA) issued by ISACA
· Certified Information Security Manager (CISM) issued by ISACA
· Global Information Assurance Certification (GIAC) issued by SANS
· Certified Business Continuity Professional (CBCP) issued by DRI International
· Member of Business Continuity Institute (MBCI) issued by BCI
· CCSP issued by Cisco