Senior Officer Security Engineering - Doha

IT/Information/Cyber Security
Ref: 65 Date Posted: Monday 11 Nov 2019
Company: Financial
Location: Doha, Qatar
Reports to Head of Security Engineering
Benefits: Expat benefits package
 

The Role

 
The incumbent has the primary responsibility of assisting the Head of Security Engineering to design, implement and support key security technologies across the Group. 
 
The incumbent will also assume responsibility for:
  • Working with business sponsors, project staff, and vendor partners to engineer, deploy and support the most effective integrated technical solutions for IT Security.
  • Providing subject matter expertise and IT Security advisory services to various business and IT initiatives.
  • Conducting a range of tasks including requirement analysis, high-level solution design for IT Security solutions, product assessments, and the design and implementation of tools to help drive compliance against policies, regulatory requirements and industry best practices such as ISO 27001, PCI DSS, ITIL, SABSA and COBIT.
  • Supporting the IT security incident response process across the Group and leading forensic analysis exercises.
 
Essential Duties & Responsibilities by Dimensions:
 
Shareholder & Financial:
  • Minimize or eliminate business downtime and revenue loss due to security incidents and system unavailability
  • Eliminate security incidents and bad publicity that can potentially tarnish the bank’s public image and thereby cause loss of customer confidence in using the bank’s services.
  • Provide input to the Head of IT Security Operations.
 
Customer (Internal & External):
  • Build and maintain strong and effective relationship with all other related departments and units to achieve the Group’s goals/ objectives.
  • Provide timely and accurate information to the external and internal auditors and the compliance function, as and when required.
  • Liaise with the various teams supporting IT systems across the Group to ensure the consistent implementation of information security standards across the environment. 
  • Liaise with external consultants appointed from time to time to assess the adequacy and effectiveness of the Group’s information security efforts.
 
Internal (Processes, Products, Regulatory):
  • Provide information technology security risk advisory services to various business initiatives, working with business sponsors, project staff and vendor partners to deploy the most effective integrated technical solutions.
  • Engineer solutions and undertake advisory services to drive compliance against policies, regulatory requirements and industry best practices such as ISO 27001, PCI DSS, ITIL, SABSA and COBIT. 
  • Support the security incident response process as a subject matter expert and lead forensic analysis exercises.
  • Manage post-event reviews to identify root causes and highlight corrective actions.
  • Respond to information security issues during each stage of a project’s lifecycle
  • Mitigate risks by creating project plans for specific implementations, configuration changes, software installations, or ‘hot fixes’ identifying resources needed from the Information Technology department. Also, work with the Head of IT Security to coordinate and schedule actions. 
  • Coordinate with other departments to solve IT security issues 
  • Research and propose information security products and services to protect and enhance the Group’s defences from cyberattacks at both the infrastructure and application level.
  • Recommend network, software and technology modifications. 
  • Establish baseline standards for infrastructure systems.
  • Design and Develop Key Risk Indicators (KRIs) to evaluate ’s risk exposure from IT Security risks.
 
Learning & Knowledge:
  • Provide direct information security training to all Group personnel, as and when required. 
  • Possess an understanding of business processes and controls in all related operational areas.
  • Coordinate with an expert understanding of information security issues, best practices, and a working knowledge of IT systems.
  • Address and resolve complaints of departmental/ unit personnel and manage/ assess their performance.
 
Other:
  • Maintain confidentiality with respect to commercially sensitive information.
 
Education/Experience Requirements:
 
  • Bachelor’s/Master’s degree in computer science, computer engineering or related subjects.
  • Professional certification such as CISSP, CISM, CISA is mandatory
  • Knowledge and certifications in network / application / System Security is considered a plus
  • Minimum of 6 years’ experience in a major bank or large corporate in an information security engineering capacity.
 
Required Special Skills:
  • Intelligent, articulate and persuasive leader.
  • Deep understanding of infrastructure and application security controls.
  • Ability to communicate information security-related concepts to a broad spectrum of technical and non-technical staff. 
  • Risk Management skills (risk identification, risk assessment, risk mitigation) 
  • Maintain an understanding of all pertinent regulations as well as best practices pertaining to information security. 
  • Well-developed analytical and interpersonal skills.
  • Self-motivated, eye for detail.
  • Ability to persuade others.
  • Flexible team player and able to work and deliver under pressure.
  • Ability to inspire and motivate others to gain commitment.
  • Exercise a high degree of initiative and thinking to perform complex tasks where no procedures or processes are available.
 
Operating Environment/ Location:
  • Located at  Headquarters with visits to domestic and overseas entities, as and when required/ considered necessary.
 
Framework and Boundaries:
  • Group’s overall strategic plan.
  • Budgetary/ scorecard targets.
  • Applicable policies, procedures and guidelines including pertinent regulations and related best practices.
  • Delegated and re-delegated authorities as per the delegation of authority structure.
  • Instructions of the Head of Security Engineering, Head of IT Security Operations & Group Chief Information Security Officer.