Role Purpose: To establish and maintain an Information Security Management System and an IT Governance, Risk and Compliance framework in line with industry best practices, frameworks and regulatory requirements. Identify potential risks and evaluate existing controls to ensure that the information security strategy is aligned with organizational goals and objectives, that information security risk is managed appropriately, and that critical and sensitive information assets are secured; avoid information security breaches and ensure compliance with legal, statutory, regulatory or contractual obligations related to the information security requirements of Qatar Museum (QM).
Roles & Responsibilities:
• Establish and maintain Information Security Management System, IT Governance, Risk and Compliance Framework in line with industry-best practices, frameworks and regulatory requirements such as MICT: Qatar’s National Information Assurance Policy (NIAP), COBIT and ISO/IEC27001:2013 standards.
• Development and maintenance of Information Security Policies, Procedures and implementation plan.
• Ensure that Information Security Policies, Procedures and implementation plan are implemented within ITD and other BUSU.
• Development and implementation of Incident and Change Management.
• Handling Information Security Incidents, taking corrective and preventive actions and root cause analysis report submission.
• Development of IT Risk Management Framework
• Risk Assessments, Risk Identification, Treatment, Mitigation, Reporting, Residual Risk Acceptance and recommendation for corrective action.
• Ensure Information Security compliance and practices are considered in projects, initiatives and new implementations.
• Collaborate with other departments such as Internal Audit, Legal, Admin, Finance, HC to direct compliance issues and resolutions.
• IT Audits co-ordination (Compliance with Enterprise Internal/External Audits and Regulatory requirement).
• Formalized Information Security awareness programmes such as Information Security awareness mailers, awareness banners and awareness sessions.
• Business Continuity and IT Disaster Recovery (ITDR)
• IT Procurement, Vendor Management and Project Management
• Technical evaluation for Information Technology product Applications and Procurement.
• Maintenance and management of Qatar Museums Information Security technologies and controls.
• Vulnerability Assessment and Penetration Testing (VAPT) for critical services
• Considerable implementation or management experience with commonly accepted industry standards and/or best practices including “Qatar’s MICT: NIAP”, COBIT, ISO27000, and ITIL.
• Bachelor’s degree in Information Technology / Computer Science / Computer Engineering
• Possess Training Certification in one or more of the following: NIAP Implementation Auditing, ISO/IEC27001:2013, ITIL, COBIT, CISM, CRISC and CGEIT.
• 5 - 7 years of relevant work experience
Problem-Solving and Analytical Skills:
Strong ability to analyze complex security issues, identify vulnerabilities, and implement effective mitigation strategies.
Ability to think critically and stay calm under pressure, especially during security incidents.
Understanding of Threats and Vulnerabilities:
Knowledge of common cyber threats, including malware, phishing, ransomware, and social engineering attacks.
Familiarity with vulnerability management processes, penetration testing, and threat intelligence.
Communication Skills:
Strong written and verbal communication skills to clearly convey security information to management, teams, and users.
Ability to explain complex technical issues in an understandable way to non-technical stakeholders.
Attention to Detail:
High attention to detail to identify and address potential security weaknesses or incidents before they escalate.
Thorough documentation skills to maintain logs, reports, and compliance records.
Project Management and Collaboration:
Ability to manage multiple security projects and initiatives simultaneously.
Collaboration skills to work effectively with cross-functional teams, including IT, legal, compliance, and management.
Full-time