Senior Information Security Risk Analyst

Company: Full Time QatarEnergy
  • Location: Doha, Qatar View on Map
  • Date Posted: July 30, 2023
  • Salary: Negotiable

About the job

Primary purpose of job

The Senior Information Security Risk Analyst is tasked with enhancing the information security posture of QatarEnergy in both IT and OT environments by assessing and managing cyber and information security risks. He/She actively participates in projects during all phases of implementation and operation, provides expert technical and procedural direction to identify and manage cyber and information security risks, and monitors progress of activities to manage and report identified risks.

Experience & Skills

  • Knowledge of fundamental security principles and challenges in their practical application
  • 10+ years of relevant professional experience
  • Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas
  • Knowledge of information security capabilities and requirements analysis
  • Perform periodic risk management activities in IT and OT during the phases of the project lifecycle, communicate risks and mitigation actions to stakeholders, and support the business in defining cyber and information security requirements
  • Identify critical information systems and supporting systems for business processes and projects
  • Evaluate the effectiveness of existing information security controls
  • Propose cost effective information security controls for the remediation of risk
  • Manage information security risk register, including the development of risks acceptance reports, and communicate risks to the business as required
  • Maintain security controls framework in compliance with state law, international standards and best practices
  • Define and evaluate metrics for reporting information security control effectiveness
  • Communicate the urgency and severity of complex risk scenarios in simple, effective language
  • Excellent written and verbal business communication skills


  • Bachelor’s degree in information security, computer science, or systems engineering.
  • Professional certifications related to Information security (e.g., ISO27001, ISO27005, CISSP, GICSP, CISA, GIAC, CEH, etc.

Similar Jobs