Information Security Expert

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Primary responsibilities of the role include ongoing governance and execution of the Information Security Management System (ISMS).
• Create KPIs for performance monitoring and quality measurement purposes for the IT Security Development personnel and monitor achievement on a periodic basis.
• Ensure risk identification, analysis and mitigation activities are integrated into the information security life cycle.
• Develop policies, standards and procedures required for the corporate information security in IT Dept.
• Prepare training material, deliver awareness and workshop sessions. Promote information security policies, and best practices.
• Manage and maintain information security awareness programs.
• Research security enhancements and make recommendations to management.
• Stay up-to-date on information technology trends and security standards and to help CCQ achieve accredited industry certification such as ISO27002:2013, National Information Assurance (NIA V2) policy of Qatar.
• Ensure architectural principles are applied during design to reduce risk and drive adoption and adherence to standards, guidelines, and policies.
• Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
• Maintain current knowledge of malware attacks and other cyber security threats and perform regular penetration testing, monitor network and security events.
• Investigate security breaches and other cyber security incidents, document, and assess the damage caused.
• Work with security team to perform tests and uncover network vulnerabilities.
• Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Investigate major breaches of security and recommend appropriate control improvements.
• Monitor the application and compliance of security administration procedures and review information systems for actual or potential breaches in security.
• Conduct investigations to correctly gather, analyze and present digital evidence to both business and legal audiences
• Perform other tasks and duties that may be occasionally required in order to meet the requirements of the objectives of the College.
• Other roles and responsibilities assigned by immediate supervisor/management.