Information Security Manager

Almana Group

  • Doha, Qatar
  • Permanent
  • Full-time
  • 1 month ago
JOB PURPOSE
To oversee, implement, and monitor the organization’s Information Security program in accordance with Qatar Central Bank (QCB) regulations and international security standards. This role ensures the confidentiality, integrity, and availability of Almana Exchange's data and systems through independent risk-based governance, policy enforcement, and compliance oversight.
KEY RESULTS AREAS / DELIVERABLES & KEY ACTIVITIES
INFORMATION SECURITY GOVERNANCE
  • Establish and maintain Almana Exchange’s Information Security framework, aligned with QCB instructions and industry best practices.
  • Define and regularly update information security policies, procedures, and standards to protect company assets.
  • Communicate the Information Security strategy and policies to staff across departments to ensure organization-wide awareness and adherence.
  • Ensure compliance with QCB Technology Risk requirements and contribute to external and internal audit engagements.
  • Serve as the focal point for all regulatory requirements related to information security.
  • Ensure security-related roles and responsibilities are clearly defined and communicated throughout the organization.
RISK MANAGEMENT & COMPLIANCE OVERSIGHT
  • Identify, assess, and monitor technology risks across Almana Exchange’s infrastructure and services.
  • Implement a formal Information Security Risk Management framework that includes risk classification, likelihood and impact analysis, risk ownership, and treatment planning.
  • Ensure a regular schedule for risk assessments, penetration testing, and vulnerability analysis is in place.
  • Oversee the incident reporting and escalation process and ensure proper documentation and resolution.
  • Report the security posture and key risks periodically to senior management and QCB as required.
  • Follow up on risk remediation and control gaps identified during assessments or audits.
ASSET CLASSIFICATION & PROTECTION
  • Establish a data classification scheme and ensure critical assets are labeled and handled accordingly.
  • Coordinate the maintenance of an enterprise-wide asset registry covering data, systems, and applications.
  • Define security control requirements based on asset classification, including data encryption, segregation, and access control.
  • Ensure that information assets are adequately protected using approved controls and frameworks.
  • Collaborate with IT to validate the effective implementation of these controls.
  • Promote best practices for data handling, storage, and disposal in accordance with regulatory mandates.
AWARENESS, TRAINING & STAKEHOLDER COMMUNICATION
  • Develop and lead periodic Information Security awareness programs for staff, including phishing simulations and compliance refreshers.
  • Provide advisory support to departments on new projects, ensuring security is embedded by design.
  • Serve as the key liaison for information security matters between Almana Exchange and third parties (vendors, service providers, and regulators).
  • Deliver presentations to leadership and contribute to board-level security updates as needed.
  • Lead the internal communication of any security events, policy updates, or new regulatory requirements.
  • Support business continuity and disaster recovery planning initiatives from a security standpoint.
MONITORING, REPORTING & SECURITY METRICS
  • Oversee continuous monitoring of the organization’s cybersecurity environment, including threat intelligence and control effectiveness.
  • Ensure alignment between Information Security reporting and QCB's regulatory templates and audit expectations.
  • Collect, analyze, and report on security Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
  • Coordinate with IT security operations to gather insights and validate threat detection and response capabilities.
  • Generate monthly and quarterly management reports on Information Security status, risks, and ongoing initiatives.
  • Monitor compliance with ISO 27001, NIST, or equivalent standards.

Bayt
