| BASIC FUNCTION |
: |
- Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with Qatar’s CSF and NIA Policy framework.
- Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Conduct or coordinate vulnerability scans, and penetration tests on systems, document findings, and recommend risk mitigation strategies.
- Configure network and host-based intrusion detection/prevention systems, EDR, and Identity Access Management solutions.
- Assist other technical support staff in identifying and implementing appropriate security safeguards, including patch application and anti-malware strategies.
- Evaluate risks and develop security standards, procedures, and controls to manage risks. Improve security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Define and document business process responsibilities and ownership of the controls in the GRC tool.
|
| Key Skills |
|
- Relevant Cybersecurity certifications like OSCP, OSCE, CompTIA Security, Blue Team Certifications.
- Relevant industry certifications in IT and OT Cybersecurity, ISO 27001 ISMS, ISA 62443.
- Deep knowledge of IT, including hardware, software, and networks.
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
- Information systems auditing, monitoring, controlling, and assessment process.
- Incident response management.
- Risk assessment and management methodology.
- Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Strong abilities in critical thinking, problem-solving, logic, and forensics.
- Excellent verbal and written communication skills.
- Ability to work successfully in both individual and team settings.
- Meticulous eye for detail and an ability to multitask in a fast-paced environment.
- Ability to think like a hacker to stay ahead of threats.
- Effectively communicate technical issues to diverse audiences, both in writing and verbally.
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
|
