Job Title : SR. SECURITY ASSURANCE ENGINEER (LNG Trading)
Reference Code : OG-7003099
QatarEnergy is an integrated national oil corporation that stands at theforefront of efforts for the long term sustainable development,utilization and monetization of oil and gas resources in the State ofQatar.
In its efforts to become one of the best national energy companies inthe world, QatarEnergy's activities and those of its subsidiaries andjoint ventures, encompass the entire spectrum of the oil and gas valuechain locally, regionally, and internationally.
They include the exploration, refining and production, marketing, andsale of oil and gas, liquefied natural gas (LNG), natural gas liquids(NGL), gas to liquids (GTL) products, refined products, petrochemicals,fertilizers, steel and aluminum.
As an integrated corporation,QatarEnergy's activities also include marketing and sale of oil and gasand other various products.
and at various offshore areas, such as offshore oilfields production stations, drilling platforms, Halul oil export island,and the North Field, which is the largest single non-associated gasreservoir in the world covering an area of 6,000 square kilometers.
Theutilization of this field’s massive reserves has become a primarynational goal to continue the development and prosperity of the country.
QatarEnergy pays the utmost attention to the health and safety of itsemployees, contractors, visitors and the local communities where itoperates.
From drilling to construction, operations to decommissioning,QatarEnergy's health, safety and environment policy forms an integralpart of the corporation’s daily business and long term planning.
QatarEnergy is committed to contribute to a better future by meetingtoday’s economic needs, while safeguarding our environment and resourcesfor generations to come.
Thriving on innovation and excellence,QatarEnergy is bound to the highest levels of sustainable human, socio-economic, and environmental development in Qatar and beyond.
INFORMATION & COMMUNICATION TECHNOLOGY
Primary purpose of job
Qatar Energy is expansion their trading services and data flows globally to their consumers for communication and e-business.
As global interconnectivity this will grow the exposure to the risks of cyberattacks. To enhance the information security trading posture, we are looking for a Sr.
Security Assurance Engineer to manage the risks as per the corporate information security risk management standard and assure effective of the mitigation controls and communicate the risks to the management and business owners.
Provide hands-on development of risk models, assure controls are operating effectively, and provide analytical support on all trading solutions and services.
Principal Accountabilities :
1. Designing and implementing an overall risk management process for corporate trading services and processes, which includes an analysis of the financial impact on the company when cyber risks occur.
2. Performing a risk assessment in alignment with Information Security Risk Management Standard for analyzing current risks, identifying, and evaluating potential risks that are affecting the trading activities.
ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for security risks).
4. Creating business continuity plans and develop risk mitigation to limit risks
5. Propose cost effective information security controls for the remediation of risk and evaluate existing information security controls, providing assurance of control implementations as required.
6. Develop and manage information security risk register, including the development of risks acceptance reports, and communicate risks to the business if required.
7. Measure the security maturity of the trading system’s cybersecurity exposure, and provide detailed findings, strategic recommendations, and an actionable road map.
8. Strengthen defenses against data loss.
9. Define trading-risk-management policies and monitor compliance with state law and standards
10. Drive, implement and manage security projects for the department.
Experience & Skills
This position requires extensive risk management and assurance analytics skills in both trading and financial activities.
Deep knowledge on identifying, classifying, and evaluating information security risks.
10+ years of relevant professional experience
Excellent quantitative and analytical skills, along with the ability to apply those skills across trading business processes.
Knowledge of fundamental security principles and challenges in their practical application
Knowledge of information security capabilities and requirements analysis
Solid knowledge addressing threats vectors such as formjacking, supply chains hacks which exploit third party services and software, ransomware attacks, Zero days and APT attacks.
Ability to communicate the urgency and severity of complex risk scenarios in simple language
Excellent written and verbal business communication skills
Bachelor’s degree in information security, computer science, or systems engineering
Professional certifications related to Information security like ISO27001, ISO27005, CISSP, CISA, GIAC, CEH or others