The Role :
Carries out risk assessment of complex information systems and infrastructure components.
Contributes to classification of data types held and audits of information systems. Contributes to data breach planning.
Reviews compliance to information security policies and standards, configuration assessment, adherence to legal and regulatory requirements, and recommends appropriate action.
Identifies threats to the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
Conducts risk, vulnerability and business impact assessments of business applications and computer installations and recommends appropriate action to management.
Investigates major breaches of security and recommends appropriate control improvements.
Conducts investigation, analysis and review following breaches, and manages the investigation and resolution of security incidents, in accordance with established procedures including incident management procedures.
Prepares recommendations for appropriate control improvements, involving other professionals as required.
Contributes to development of information security policy, standards and guidelines.
Provides authoritative advice and guidance on security strategies to manage identified risks and ensure adoption, and adherence to standards.
This includes advice on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection / GDPR and software copyright law.
Delivers and contributes to the design and development of specialist IT security education and training to IT and system user management and staff.
Ensures that incidents are handled according to agreed procedures.
Investigates escalated incidents to responsible service owners and seeks resolution.
Regularly monitors the incidence, status and speed of resolution of incidents. Analyses metrics and reports on the performance of the incident management process.
Bachelor's degree in Computer Science, Information Technology, Information Systems or other relevant discipline.
Knowledge and / or Experience
10 years' Information Security experience ideally within the oil / gas industry.
Conversant with relevant Information Security national and international standards.
Attain and maintain experience in accordance with relevant IT competency frameworks.
Good working knowledge of Information Security coupled with equivalent knowledge of the activities of those businesses and other organizations that employ IT.
Understanding of the principles and practices involved in development and maintenance of Information Security requirements.
The Company :
Our Client is the largest LNG producing company in the world, with an annual LNG production capacity of 42 million tonnes per annum (MTA), safely and reliably delivering LNG to customers around the globe from world-class facilities in Qatar.
About Fircroft :
Fircroft has been placing people in specialist technical industries for approaching half a century, focusing on mid to senior level engineers for contract and permanent roles worldwide.
By applying for this job you give consent for Fircroft to contact you, via email & telephone, to discuss your application along with future positions and Fircroft's services.
Fircroft is registered as a Data Controller with the Information Commissioner as required under the General Data Protection Regulation 2016 / 679.
Fircroft will only process your personal data for the specific purposes of managing your application.