About the job IT/OT Security & Compliance Analyst
Job Description
Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns with Qatars CSF and NIA Policy framework.
Evaluate risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Perform and investigate internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
Define and document business process responsibilities and ownership of the controls in GRC tool.
Qualification, Knowledge, Skills, and Experience
Bachelors degree in IT/Computer Science or any related discipline.
Relevant industry certifications in IT and OT Cybersecurity, ISO 27001 ISMS, ISA 62443.
Minimum five years of experience in cybersecurity at a midsize or large company in our industry, Oil and Gas Sector preferably.
Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
Information systems auditing, monitoring, controlling, and assessment process.
Incident response management.
Risk assessment and management methodology.
Effectively communicate technical issues to diverse audiences, both in writing and verbally.
Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
Evaluate and update and/or revise program materials.
Learn quickly and apply knowledge to new situations.
Handle sensitive and confidential matters, situations, and data.