Information Security Officer - Data Security Specialist

Black & Grey HR is recruiting for an established technology solutions and services provider in Doha, Qatar. Our client is seeking an experienced Information Security Officer to lead and manage the Data Security program. You will be responsible for designing, implementing, and managing robust data protection controls, ensuring the confidentiality, integrity, and privacy of critical information assets.

Key Responsibilities

Data Security Engineering:

• Design and implement data protection controls across enterprise, cloud, and AI/ML solutions.
• Deploy and manage Data Loss Prevention (DLP), data masking, tokenization, and data discovery/classification tools.
• Collaborate with application and infrastructure teams to integrate security into the data lifecycle.
• Monitor the organization's data security posture and generate compliance and risk reports.
• Support incident response investigations related to data breaches or insider threats.

Cloud Data Security:

• Implement and manage data protection controls in Google Cloud Platform (GCP) and Microsoft Azure.
• Secure cloud databases, data lakes, and AI data pipelines.
• Configure encryption (at rest, in transit, in use) and Bring-Your-Own-Key (BYOK) strategies.
• Manage secrets and ensure secure access to cloud data storage systems.

Cryptography & Key Management:

• Define and enforce enterprise cryptographic standards and key management policies.
• Manage encryption practices and ensure compliance with industry cryptographic standards.

Data Privacy & Compliance:

• Ensure adherence to privacy regulations (GDPR, HIPAA, PDPPL).
• Integrate privacy-by-design principles into technical controls and data governance programs.

Database Security:

• Secure structured and unstructured data repositories (SQL, NoSQL).
• Implement Database Activity Monitoring (DAM) and stringent access controls.
• Conduct regular security reviews, hardening, and vulnerability assessments of database systems.

Collaboration & Governance:

• Partner with stakeholders on enterprise data protection strategies.
• Ensure compliance with the Qatar NCSA framework and international standards (ISO 27001, NIST).
• Conduct third-party/vendor data security assessments and review data sharing agreements.
• Define KPIs, maintain security dashboards, and stay abreast of emerging threats and technologies.

Requirements

Qualifications & Required Experience:

• Bachelor’s degree in Engineering, IT, Computer Science, or a related field. Equivalent extensive experience will be considered.
• 8+ years in information security with a dedicated focus on data protection, cryptography, and database security.
• Arabic language proficiency is preferred.
• Professional certifications such as CISSP, CCSP, CDPSE, or CCSK are required. Cloud security certifications (GCP, Azure, AWS) are a strong advantage.

Technical Skillset:

• Hands-on experience with cloud platforms, specifically GCP and Azure.
• Proven expertise implementing data protection in multi-cloud environments.
• Strong knowledge of encryption standards, cryptographic protocols, and key management (KMS, GCP Cloud KMS, Azure Key Vault).
• Practical experience with secrets management (HashiCorp Vault, Azure Key Vault, GCP Secret Manager).
• Experience with DLP solutions (e.g., Forcepoint, Microsoft Purview, Google Cloud DLP).
• Skills in data discovery, classification, masking, tokenization, and anonymization.
• Experience configuring Database Activity Monitoring (DAM) tools (e.g., Imperva, IBM Guardium).
• In-depth understanding of privacy regulations (GDPR, HIPAA) and compliance frameworks.

Preferred Experience:

• Background in regulated industries (financial services, healthcare, government).
• Understanding of AI/ML data security governance.
• Knowledge of the Qatar NIA and NCSA frameworks.

Personal Competencies:

• Excellent analytical and problem-solving skills.
• Strong communication skills with the ability to convey complex technical concepts to both technical and non-technical audiences.
• Strategic thinker with a track record of practical implementation and governance.