Information Security Specialist - ISO 27001

ISO 27001, Implementation of ISMS, Internal Audit - Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures - Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities - Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture - Assist IT Manager and Operations team with the audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships - Follow-up, escalate and report the resolution of Information Security issues identified during security assessments, penetration tests and audits - Develop, implement, and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/ IT Service Contingency Plan. - Resolve information security issues and improve the information security performance by providing technical consultation in system development, acquisition, procurement, implementation, change management, operation/support, and architectural and other ad-hoc projects. - Assist in performing on-going security monitoring of information systems including assessing information security risk, conducting functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements. - Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation. Provide recommendations to IT projects regarding information security. - Responsible for raising and conducting Information Security awareness campaign and provision staff training periodically. - Establish a formal procedure for internally reporting and tracking security incidents ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents. Participate and/or oversee in the investigation and management of information security events and policy violations and track to conclusion. - Follow Policy for the notification and reporting of incidents immediately upon discovery. - Develop and document corrective action plans and implement preventive actions to mitigate recurrence. - Analyse Security incident to detect an underlying problem exists or is likely to exist. - Categorize and prioritize the problem based on the frequency, severity, and impact of incident. - Implement & manage the data privacy and data protection policies to ensure the operationalization of those policies through all departments and makes sure the organization processes personal Identifiable Information (PII) data of employees, customers, and other individuals in a compliant way. **Salary**: QAR18,000.00 - QAR20,000.00 per month **Experience**: - ISO 27001: 8 years (required) - Implementation of ISMS: 8 years (required) - Internal Audit: 8 years (required)