Primary purpose of job

The objective of this position is to implement and support the information protection and privacy program across QatarEnergy. Ensure information within QatarEnergy is protected and used appropriately according to identified risks and regulatory controls. Cover all the required privacy pillars in compliance to local and international privacy laws. Work independently and as part of a cross functional team to drive the continuous improvement of the information protection and privacy function.

Experience & Skills

• 10+ years of relevant professional experience with at least 5 years in an information protection and privacy role in large ICS & ICT environments preferably from the Energy sector or in Oil & Gas.
• General understanding of the information security domains and how different modules interact.
• Practical knowledge in local and international privacy laws, and their boundary to QatarEnergy, coordination with regulatory authorities.
• Should have hands-on experience on establishing controls for ensuring compliance with PDPPL, GDPR , other privacy laws, and data breach notification protocol.
• Implement privacy gap assessment and produce/review privacy oriented documentation (policies, procedures, registrars…etc) based on Qatar PDPPL law and industry good practices around privacy.
• Expertise in implementing privacy security controls from a technological and administrative aspect, and effective use of each control.
• Evaluate the urgency and severity of privacy risks, and mitigate them with the proper privacy security controls.
• Make sure that privacy built by design concept is incorporated into processes and technologies through various procedures and frameworks.
• Work with cross-functional teams to ensure alignment between data privacy laws, regulations and business imperatives, including developing practical solutions for complex data privacy-related issues.
• Demonstrated ability to translate regulatory requirements into practical and actionable elements while supporting business strategy.
• Support the DLP technology implementation such as roadmap, approach, procedures and use cases.
• Integration and maintenance of DLP solution with the SOC and set defined guidelines through a proper incident book response.
• High level of integrity, maintaining confidentiality and an ability to remain objective in balancing business needs and risk.
• Excellent written and verbal business communication and presentation skills.

Education

• Bachelor’s in computer science or a related engineering field.
• Additional information security certifications are desirable such as CISSP, ISO27001 LI, CIPT, CIPP/E