Edison Smart®
Information Security Officer (Arabic speaker) - Up to 30,000 QAR
Edison Smart® - Qatar - 5 hours ago
Full-time - Consulting, Engineering +1

Information Security Officer (Arabic Speaking) - Up to 30,000 QAR


Purpose of the Role

The organisation is strengthening its security posture and needs a specialist who can oversee day-to-day information protection, enforce internal standards, manage risks, and guide the business in maintaining a secure operating environment. This role ensures that policies, controls, awareness initiatives, and incident processes are functioning effectively across all teams and technologies.


Role Overview

The Information Security Officer will coordinate security activities across the organisation, ensuring that risks are identified early, controls are implemented properly, and staff understand their responsibilities. The role combines governance, compliance, incident oversight, risk management, and awareness initiatives, acting as the central point of accountability for information security processes.


Key Areas of Responsibility

1. Governance & Policy Implementation

  • Lead the development, review, and rollout of information security policies, procedures, and internal standards.
  • Ensure all departments follow established security requirements and maintain evidence of compliance.
  • Facilitate adoption of security controls and monitor their effectiveness.
  • Maintain documentation related to the Information Security Management System (ISMS).

2. Risk Management & Security Assessments

  • Conduct regular risk assessments across systems, processes, personnel, and service providers.
  • Identify vulnerabilities or weaknesses and coordinate mitigation actions.
  • Prepare and maintain risk registers, treatment plans, and follow-up actions.
  • Provide recommendations based on risk impact, regulatory requirements, and business context.

3. Incident & Problem Handling

  • Establish structured processes for reporting and escalating security incidents.
  • Participate in investigations, ensuring evidence is documented and incidents are resolved appropriately.
  • Report incidents in line with internal and external requirements.
  • Identify root causes, track corrective actions, and implement long-term preventive measures.

4. Compliance & Assurance

  • Ensure alignment with relevant regulatory, contractual, and industry security requirements.
  • Support external and internal audits, providing necessary information and responding to findings.
  • Assess operational compliance and measure the effectiveness of security practices.
  • Oversee remediation of issues identified during audits, penetration tests, or vulnerability assessments.

5. Awareness & Training

  • Design and deliver security awareness programs to improve staff understanding of threats and responsibilities.
  • Promote a culture of secure behaviours across business units.
  • Organise workshops, communications, and campaigns related to cybersecurity best practices.

6. Continuity & Resilience

  • Support development and testing of disaster recovery and continuity plans.
  • Ensure relevant teams understand restoration procedures and their roles during disruption.
  • Maintain documentation for continuity and security recovery processes.

7. Stakeholder Management

  • Act as a trusted advisor to technical and non-technical teams on information security matters.
  • Participate in committee meetings and coordinate with business units to address security concerns.
  • Provide regular updates to leadership on risk status, incidents, and compliance posture.


Required Experience

  • 8+ years of combined IT and information security experience.
  • 5+ years in a similar information security governance or compliance-focused role.
  • Fluency in Arabic is mandatory.

Education

  • Bachelor’s degree in Engineering, Information Technology, Computer Science, or a related field.

Professional Certifications (any of the following)

  • CRISC
  • ISO 27001 Lead Implementer
  • ISO 27001 Lead Auditor
  • CISSP

Key Skills

  • Strong understanding of ISO 27001, NIST, and other international frameworks.
  • Experience with regulatory standards such as GDPR, HIPAA, PCI DSS, SOX (or regional equivalents).
  • Skilled in risk assessment, mitigation planning, and security governance.
  • Ability to develop and implement policies, procedures, and awareness programs.
  • Strong analytical mindset and excellent communication skills.
