A leading financial institution in the Middle East and Africa is looking to hire a Head of Cyber Risk Assessments, to meet the requirements of an expansion within their Doha, Qatar headquarters.
The successful candidate will manage and lead the risk assessment function in the IT Risk and Security team, and will have the primary responsibility of ensuring that Information Technology applications and infrastructure in the Group comply with IT Security Policies and Standards.
In addition, you will be tasked with creating and leading a Red Team that will continuously assess the security of the group.
This is a mixed role that requires a combination of team management and technical information security assessor skills.
Manage a team of experienced risk assessors.
Create and manage a Red Team in the department and take responsibility for service definition and delivery.
Customize and use established methodologies, conduct technical reviews and penetration testing activities of business applications and infrastructure projects, e.g. technical risk assessments of internet-facing applications, workstation and server build platforms, databases, networking, and virtualization technologies.
Perform security risk assessments of the bank's systems.
Assess the effectiveness of the systems, the security architecture design, and compliance with IT security policies and relevant standards.
Provide subject matter expertise for the enhancement of network security posture of the organization.
Develop close relationships with senior IT and business stakeholders.
Understand and manage their requirements for Group risk services.
Assist other teams in the Group Risk division with technical IT Security reviews and provide guidance as a subject matter expert for information security.
Identify opportunities and develop new ideas that will lead to improvements.
Adapt / change behaviour or plans to better achieve the target / objective.
Analyze a complex problem and identify potential solutions by exploring and analyzing diverse alternatives, including, where applicable, risks and potential business impact.
Ability to make the right decisions based on the necessary information and to take measures accordingly
Bachelor's / Master's degree, preferably in a scientific, computing, mathematical or engineering discipline, or equivalent experience.
Professional certification such as CISSP, CISM, CISA is mandatory.
Solid experience in undertaking technical security assessments of complex IT solutions including penetration testing and red team activities.
Possess an understanding of business processes and controls in all related operational areas.
Solid understanding of information security issues, best practices, and a working knowledge of IT systems.
Previous Banking or Big 4 Consultancy work experience is mandatory.
Strong knowledge of penetration testing tools and techniques of application and infrastructure components.
Strong knowledge of network topologies, logical access controls and firewall technologies.
Strong knowledge of operating systems (Wintel, Solaris and Linux)
Understanding or experience in identifying zero day exploits
Experience in assessing and designing multi-forest Active Directory domains
Programming experience (ASP, PHP, C#, etc.)
Ability to work under pressure
Strong client focus