Manager, Threat and Vulnerability Management

• Manage the cyber security threat management agenda nd related initiatives in alignment with the firm's vision and mission.
• Support the Head of Cyber Defence in realizing the cyber security vision of the company ensuring the day-to-day activities fully support these goals.
• Responsible for implementing and maintaining technical controls and systems that protect an organization's networks and systems from cyber-attacks.
• This includes designing, implementing, and maintaining security controls and systems, configuring and tuning them, monitoring and analysing security-related data, responding to security incidents, and participating in security assessments and audits

Key Accountabilities:

• Design, implement and maintain security controls and systems such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems.
• Configure and tune security controls and systems to optimize their effectiveness.
• Monitor and Analyse security-related data to identify potential threats and vulnerabilities.
• Respond to security incidents and provide incident response support.
• Keep abreast of new attack techniques and technologies and recommend security controls and systems that can help protect against them.
• Collaborate with other teams such as incident response, forensic, and threat intelligence teams.
• Participate in security assessments and audits.
• Continuously monitor and test incident response capabilities.
• Manage the security controls and systems' lifecycle, including upgrades and maintenance.
• Provide regular reports on the effectiveness of security controls and systems to management and stakeholders.
• Continuously assess threats and identify initiatives to improve the defence capabilities of the firm.
• Complete required departmental reports in a timely manner and in compliance with the firms's policies and standards.
• Manage the preparation of periodical management reports and progress reports to inform senior management on the progress of various initiatives and to facilitate associated decision-making.

Required:

• Minimum of 8 years of experience in implementing and maintaining security controls and systems.
• Business related understanding for priorities and needs
• Understanding of the organization's business operations and priorities to prioritize threat and vulnerability management efforts and communicate with stakeholders effectively.
• Knowledge of frameworks such as ISO27001, Qatar 2022 CSF, Cloud first QCB directives & applicable local and global laws and regulations, NIST, OWASP.
• Knowledge of security concepts, such as SASE, SOAR.
• Understanding of risk management principles and the importance of maintaining a secure environment to protect the organization's assets and reputation.
• Familiarity with project management methodologies and tools to track and report on threat and vulnerability management efforts.
• Ability to work collaboratively with cross-functional teams, such as incident response, forensic, and threat
• intelligence teams, to effectively manage and respond to security incidents.