Job Purpose:
To direct, own and manage the Enterprise Risk Management, Information, and Cyber Security governance functions in THE COMPANY and drive related initiatives in alignment with THE COMPANY's vision and mission. Support the Chief Strategy Officer in realizing the risk management, business continuity, crisis management and cyber security objectives of the company.
Key Accountabilities:
- Direct, own and manage the information and cyber security governance function in THE COMPANY and drive related initiatives in alignment with THE COMPANY's vision and mission.
- Provide governance over the cyber security landscape within the organization in line with Qatar regulatory requirements by leading, developing, maintaining, and actively managing the cyber security governance and risk management frameworks for both Information Technology (IT) and Operational Technology (OT) environments.
- Formulate and lead the implementation of the Cyber Security Strategy in line with THE COMPANY's vision, mission, and corporate objectives.
- Accountable for the direction and leadership of the cyber security program, portfolio, and project management activities.
- Lead the effective achievement of department objectives through leadership of the Cyber Security department and by setting individual objectives, managing performance, recruiting qualified staff, developing and motivating staff, and providing formal and informal feedback and appraisal in order to maximize subordinate and department performance.
- Direct the preparation and consolidation of the cyber security budget and monitor financial performance versus the budget so that the business is aware of anticipated costs, areas of unsatisfactory performance are identified, and potential performance improvement opportunities are capitalized upon.
- Take responsibility for driving and analysing the financial performance of the Cyber Security department thereby being thoroughly aware of associated costs and financial KPIs.
- Oversee the monitoring and review of IT and OT security practices and processes, including changes to systems, methods, procedures, and processes with a focus on improving current business practices and processes to minimize cyber security risk.
- Guide the design, implementation, operations, and maintenance of the Information Security Management System (ISMS) in coordination with the IT department and relevant business units based on the ISO/IEC 27000 standards including obtaining the ISO 27001 certification where applicable.
- Lead the design and operation of related compliance monitoring and improvement activities to help ensure compliance both with internal security policies and procedures and applicable laws and regulations.
- Lead the establishment of security management frameworks, architecture, and hardening standards for THE COMPANY's Operational Technology (OT)/Industrial Control Systems (ICS) in coordination with the Maintenance department.
- Maintain a list of incompatible duties, i.e., Segregation of Duties (SoD), related to IT and OT systems and applications, and manage the risk associated with SoD. Report to the IT Steering Committee on cyber security risks and the status of Information Security Management System (ISMS) compliance.
- Provide technical security advice related to system development, acquisition, implementation, modification, operation, support, and architecture.
- Establish cyber security requirements to be included in all THE COMPANY projects and contracts.
- Lead the establishment of THE COMPANY's risk management frameworks and methodologies.
- Provide ongoing risk assessment of external and internal threats so that risk mitigation and information security practices and controls remain appropriate.
- Lead the development of effective interfaces between the ERM framework and other risk management frameworks such as Information Security, Business Continuity, Compliance, HSE and Projects.
- Custodian of THE COMPANY's centralized Enterprise Risk Management system.
- Manage strategic risk management topics between different ERM stakeholders in THE COMPANY.
- Manage and direct the establishment and oversight of THE COMPANY's business continuity and crisis management frameworks to address disruption risks for critical business processes and reputational risks.
- Manage the development and maintenance of standards and procedures for business continuity and crisis management.
- Accountable for overseeing and leading the establishment and operation of a fit-for-purpose cyber security incident management process.
- Provide leadership for the development of sufficiently comprehensive Risk & Cyber Security Awareness programs and oversee the assurance of their effective delivery to the concerned parties.
- Direct the preparation of periodical management reports and progress reports to inform senior management on the progress of various initiatives and to facilitate associated decision-making.
Desired Candidate Profile:
- Bachelor's degree in relevant discipline.
- A minimum of 15 years of direct and diverse information security experience, with an emphasis on IT and OT infrastructure security and cloud security, including at least 6 years in positions of progressively increasing managerial responsibility.
- Holding a relevant professional certification (e.g., CISA, CISSP, CISM, PMP) will be an advantage.
- Safeguards the timely preparation of periodic company reports at Board and Executive Management level. The candidate must have a strong ability to summarize and communicate effectively with senior executives.