About the job
Role Objective:
The Information Security Officer will work closely with the Chief Information Security Officer in the efficient formulation, implementation and management of the Bank’s Information Security policies and programs. The incumbent will ensure efficient management of Information Security Governance and Compliance, coordinated locally and internationally, and will also assist in the management of the Information Security Management System (ISMS) as part of the Bank’s Information Security Governance. The job holder will also ensure that risk management needs in relation to Information Security are duly and promptly addressed, including but not limited to performing gap analysis, reviewing control implementations, performing risk assessments, assessing control effectiveness, mapping controls to various frameworks, preparing and updating documentation, and ensuring compliance with ISO27001, ISO20000-1, PCI-DSS and any other standard requirements. This role requires extensive coordination and teamwork with officials within and across departments.
Detailed Roles and Responsibilities:
- Perform all activities, as assigned by the Chief Information Security Officer, in compliance with local/foreign regulations and internal Information Security policies and procedures.
- Review and ensure that the Information Security processes within Doha Bank are operating effectively and efficiently towards achieving high operating standards.
- Review and develop new templates, checklists and trackers to ensure the Doha Bank Information Security policies and procedures are implemented effectively.
- Perform gap analysis to ascertain the extent of non-compliance by the business/support functions against statutory and regulatory requirements.
- Liaise with external consultants appointed from time to time in assessing the adequacy and effectiveness of the Bank’s Information Security efforts.
- Perform the risk assessment in line with ISO27001 standard requirements, including identification, assessment, monitoring and reporting of Information Security risks and the risk treatment plan.
- Assist the CISO in the successful execution of ISO27001, ISO20000-1, PCI-DSS and other industry certifications, governance of the certification programs, and reporting of progress to management.
- Manage audits performed by the Internal Audit Department and by external auditors from regulatory and certification bodies.
- Track non-conformities/observations raised by the auditors with relevant stakeholders.
- Review the Business Case, Business Requirements Documents and any specific memo raised by business departments or the IT department for various services, solutions and feature enhancements.
- Manage the Internal and external audit observations and track them for closure.
- Coordinate with ORM for the IT controls review as required by ICOFR auditors.
- Review and follow up on compliance with applicable laws, regulatory requirements and the requirements of third-party partners such as SWIFT, VISA and Mastercard.
- Assist in the preparation of periodic (weekly/monthly/quarterly) dashboards, reports, memos and agenda items on Information Security for the Information Security Council, Risk Management Committee and Audit Committee of the Board, and follow up on compliance with their directions.
- Collect and consolidate the data required for monthly KRIs as required by QCB and other Central Banks, and for the Bank’s internal KRIs.
- Participate in the development and implementation of the Bank’s Information Security policies and procedures and ensure they are updated in a timely manner to reflect changing circumstances, best practices and regulatory directives.
- Assist the Chief Information Security Officer and work closely with the IT function in the design and development of security or disaster recovery systems.
- Assist the Chief Information Security Officer in conducting security training and awareness programs, including ISMS awareness training for all Bank staff, to communicate the Bank’s Information Security policies, standards and procedures.
- Assist the Chief Information Security Officer in defining and reporting key risk indicators for Information Security risks.
- Assist the Chief Information Security Officer in the development and implementation of a risk assessment program, including a risk treatment plan for identified high risks.
- Liaise with the Business Continuity Management section in preparing the organization’s disaster recovery and business continuity plans related to information systems.
- Manage the review, update and approval of ITSM policies based on feedback from IT teams.
- Act as custodian of all IT processes, procedures, forms, etc., and provide document IDs for new forms and SOPs.
- Manage the review and update of IT Operational Level Agreements and Service Level Agreements by IT teams.
- Perform internal audits based on ISO 27001, ISO 20000-1 and the IT safety stock policy, and track non-conformities/observations.
- Manage escrow agreements for critical applications, including new escrow agreements for any critical applications being procured by IT.
- Actively participate and contribute to ISO27001 and ISO 20000-1 implementation, certification,
Education and Experience:
- University graduate with a degree in Computer Science, Computer Engineering, or any other related discipline.
- 7-12 years of experience in handling Information Security Governance and compliance operations for an organization with geographical spread.
- Hands-on experience with compliance against ISO27001, ISO20000, PCI-DSS and other standards.
- Experience in COBIT framework implementation.
- Experience in reviewing IT Operations from a Risk Management (Information Security) perspective or working in IT GRC teams.
- Should hold an ISO27001:2013 Lead Auditor (LA) or Lead Implementer certification and any one of CRISC / COBIT Implementer / COBIT-NIST Implementer.
- Should hold a certification in PCI-DSS implementation from reputed training bodies/organizations.
- Professional certifications/qualifications such as CISM, CISSP and CISA are preferred.