IT/OT Security & Compliance Analyst - Qatar - Onsite

Job Role: IT/OT Security & Compliance Analyst

Experience: 5+ years

Location: Qatar (Onsite)

Job Description

• Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with Qatar’s CSF and NIA Policy framework.
• Evaluate risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
• Define and document business process responsibilities and ownership of the controls in GRC tool.
  
  

Qualification, Knowledge, Skills, And Experience

• Bachelor’s degree in IT/Computer Science or any related discipline.
• Relevant industry certifications in IT and OT Cybersecurity, ISO 27001 ISMS, ISA 62443.
• Minimum five years of experience in cybersecurity at a midsize or large company in our industry, Oil and Gas Sector preferably.
• Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
• Information systems auditing, monitoring, controlling, and assessment process.
• Incident response management.
• Risk assessment and management methodology.
• Effectively communicate technical issues to diverse audiences, both in writing and verbally.
• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
• Evaluate and update and/or revise program materials.
• Learn quickly and apply knowledge to new situations.
• Handle sensitive and confidential matters, situations, and data.
  
  

Skills: risk assessment framework,auditing,regulatory requirements,confidentiality,ot cybersecurity,audit engagements,information security management,compliance,process improvement,architecture,risk assessment,information systems auditing,social engineering tests,security standards,compliance principles,grc tool,network infrastructure,governance and compliance,phishing,it,cybersecurity standard frameworks,it security controls,risk assessment methodology,communication skills,cyber and cloud security frameworks,isa 62443,data architecture,technical communication,governance,iso 27001 isms,vulnerability management,incident response management,patching status,it/ot cybersecurity