Head, Information Security
Oil And Gas People
9 days ago

This is a permanent / staff position based in Doha, Qatar. Competitive base plus comprehensive package with family benefits is on offer for the right candidate.

This role will be situated in the Information Solutions (IS) Department and will report to the IS Manager. The Head of Information Security is responsible for managing information security risks within North Oil Company, for both Enterprise and Industrial Control Systems.

Key Requirements

10+ years’ experience in a similar role, in large enterprise environments (> 1000 users), with multiple geographic locations. Oil and Gas experience (or manufacturing industries) is preferred

At least 5 years’ experience in a leadership role with budget responsibility

Graduate and / or Master’s Degree qualifications in either Computer Science, Information Technology or a related discipline.

Professional certifications in Information Security and / or Information Technology: CISSP and / or CISM at minimum is required

Strong communication skills, including written, oral and presentation skills. Must be fluent in English.

Knowledge and experience in Enterprise IT security (and Industrial Control Systems) security technologies, services and processes :

Information Security models and frameworks (ISF, ISO 27001) and best practices

Architecture : Operating Systems (Windows, Linux), Network technologies and protocols

Security Architectures and controls : including Antivirus, Antimalware, proxies, web filtering and firewalls

Security Event monitoring tools and processes including Security Operations Centre.

Incident response processes and tools

Patch and Vulnerability management processes and tools

Risk Assessment, Change Management Processes

Information Classification

Disaster Recovery, Business Continuity

Professional certification in Industrial Cybersecurity (e.g. GICSP or similar) is desirable

Knowledge of Industrial Cybersecurity standards (IEC 62443) is desirable

Exposure to project management is desirable

Scope of Work

Main accountabilities include :

Team and budget management

Governance of the Cybersecurity Program Audit, Risk and Change Management

Development of Information Security Policies and Standards supporting the Cybersecurity program

Risk Management and remediation activities

Information Security Monitoring and Incident Response including Security Operations Centre

Cybersecurity Awareness

Cybersecurity architecture

Definition and execution of information security projects

Stakeholder Management (internal and external)

Job Dimensions :

The role reports directly to the IS Manager, has budget responsibility and manages a team of subordinates

The role is accountable for establishing, maintaining and executing a risk-based information security program for both Enterprise and Industrial Control System (ICS) Information Security environments within NOC.

Role is based on-shore, with a requirement for periodic offshore visits to facilities within the Al-Shaheen field.

Activities :

Participate in, and comply with related HSE activities (onshore and offshore)

Ensure Information security activities do not compromise health and safety intentionally

Information Security

Define and execute risk-based Information Security strategy and program aligned to NOC business requirements

Report on the status and maturity of the program and cybersecurity within NOC, using appropriate metrics

Defines and executes the Information Security Risk Management framework.

Define and implement an incident response plan and establish a Computer Incident Response Team (CIRT) to respond to computer security incidents and coordinate with the Emergency Management team

Leads Cybersecurity Incident Response cases, in conjunction with Emergency Management processes

Development of Disaster Recovery Plans aligned to business continuity requirements

Provides subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27000, CobiT, ITIL, as well as IEC 62443 and NIST SP800 for industrial cyber security.

Coordinates and participates in regular audits through internal and external resources to assess information & cyber security performance and compliance with applicable laws, regulations and policies.

Develops Information Security awareness through targeted change and training campaigns.

Interface with relevant stakeholders (including shareholders and governmental bodies) to ensure cyber security laws, regulations and decrees are understood, complied with and breaches are reported on.

All staff must be willing to participate in crisis response training and to assist during emergency response situations if required.

On rare occasions work may occur out of hours (including weekends and public holidays)

Context & Environment :

The Information Security environment is complex and covers both Enterprise IT and Industrial Control Systems (ICS). Much of this role is focused on Enterprise IT systems, with some interaction with ICS.
