Head of Risk & Information Security (1101, QA)
Job post no longer accepts applications
Reporting structure
Reports To:
Chief Corporate Planning & Risk Officer
Direct Reportees:
Job Summary and Purpose
Lead and drive the comprehensive design and supervision of information security, risk and business continuity functions. The role necessitates a thorough understanding of the legislated requirements to ensure that the information security, risk and business continuity principles and plans, policies and practices are integrated into all the related organizational processes in coordination with the various Nakilat functions and related stakeholders.
Accountabilities
Key Accountabilities:
Strategic Management:
1. Provide organization wide direction in terms of risk, information security and business continuity strategy that is consistent with the strategic plan of the group as well as the subsidiaries.
2. Communicate the approved risk, information security and business continuity strategy, plan and budgets to the concerned employees in a timely manner.
3. Administer the development and maintenance of the policies, procedures, guidelines, standards, Enterprise Risk Management Framework and all the related templates.
4. Supervise the risk management teams and provide them guidance related to the technical aspects including financial, operational, compliance and strategic risks.
5. Coordinate with the departmental risk champions to manage the risk assessment, risk prioritization and ranking processes.
Enterprise Risk Management:
6. Provide guidance to the employees with respect to the organizational risk assessment methodology in order to ensure that the procedures followed by them are in line with the ERM policy.
7. Monitor the risks by developing robust risk scoring models specific to the individual organizational requirements
8. Suggest a risk treatment plan as and when requested by the Risk Owners, Risk Champion and/or Executive Management.
9. Manage the process for elevating control risks to more senior levels when appropriate.
10. Communicate risk and information security related issues endangering the achievement the organizational objectives to the respective personnel including Chief Risk Officer, Risk Management Sub-Committees and Risk Champions.
11. Develop key Security, Risk and Compliance reporting metrics to ensure progress on these programs is managed and understood by the leadership.
12. Monitor the action plans in order to proactively address any control weakness or compliance issue recorded by the internal and external auditors.
13. Control and direct the in-house awareness program in order to improve overall employee awareness, response time and the tendency to proactively look for future risk requirements.
14. Maintain and evaluate the risk maturity profile of the organization.
Accountabilities - 2
Information Security Management:
15. Regulate the development and maintenance of the policies, standards, procedures and guidelines required for the Information Security Management System (ISMS).
16. Administer guidance and education in the formulation, analysis and implementation of information programs and initiatives.
17. Head the organizational staff and vendors in order to safeguard the assets, intellectual property and computer systems of the company as well as to ensure the safety of the employees and the visitors.
18. Deliver technical information security advice in accordance with the leading practices to the management.
19. Monitor and evaluate the reported security breaches and recommend appropriate response actions.
20. Ensure adherence to the information security policies and procedures followed in the company to the industry leading practices.
21. Conduct information security awareness programs to alert employees to the information security and best practices.
22. Supervise and manage the various information security activities such as cyber threat and vulnerability prevention, detection, monitoring, risk assessments information classification etc.
23. Control the approval process for access to SAP and USB port.
24. Inspect the GRC activities and report any infraction to the senior management.
25. Manage the development, application or migration of processes in adherence to the new and upcoming Government initiatives.
Business Continuity Management:
26. Supervise the development and maintenance of the policies, procedures, standards, guidelines and templates for the Business Continuity Management (BCM) framework.
27. Direct and oversee various activities such as business impact analysis and risk assessment as part of business continuity management in order to identify, evaluate and address potentially critical business situations.
28. Liaise with Business users to prepare Functional specifications.
29. Coordinate with Department Managers to outline department level business continuity procedures.
30. Mediate between different business units and IT department in order to ensure alignment of business requirements to the available IT facilities.
31. Manage and oversee periodic monitoring of the business continuity plan and also ensure that the business continuity document is appropriately updated.
Accountabilities - 3
Generic Accountabilities:
People Management:
32. Manage section staff by overseeing their performance management, recruitment, training and development to ensure high levels of engagement and competence.
Quality, Health, Safety, & Environment (QHSE):
33. Ensure compliance to all relevant QHSE policies, procedures and controls across the section to ensure that Nakilat provides safe, world class, secure and environmentally responsible service to customers, the public and its own people.
Budgets and Plans:
34. Contribute to the development of the Risk Management division budget and monitor its expenditure, while ensuring the optimal utilization of all available resources to protect Nakilat's interest.
Systems and Processes:
35. Participate in the development of the Risk Management division policies, procedures and system, and ensure their proper implementation to support in the achievement of the different plans according to the Nakilat's strategy.
Others:
36. Carry out any other duties as directed by the immediate supervisor.
Accountabilities - 4
Competencies
Business / Industry Knowledge - Specialist
Business Continuity Management - Specialist
Business Impact Analysis - Specialist
Business Risk - Specialist
Collaboration & Team Work - Advanced
Customer Centricity - Advanced
Drive Vision - Advanced
Empower & Nurture Talent - Advanced
Enterprise Risk Management - Expert
Governance - Specialist
Information Security Management - Expert
Interactive Communication - Advanced
Risk Identification and Assessment - Expert
Risk Management Methodology/Process - Expert
Risk Mitigation & Control - Specialist
Risk Project Management - Specialist
Risk Response & Reporting - Specialist
Achievement Oriented - Advanced
Solution Oriented - Advanced
Key Result Areas
• Develop risk scoring models with robust KRIs to monitor organizational risks
• Control development and management of policies and procedures for the Information Security Management System
• Ensure development and management of policies and procedures for the Business Continuity Management framework
• Ensure development of a high performing team to handle future information security, business continuity and other enterprise risks
Interactions and Working Relations
Internal:
• Interaction with all Department Managers, Heads or Risk Champions on risk assessment (i.e. risk identification, risk analysis, risk treatment and risk monitoring of departmental and top risks in Nakilat), data classification (i.e. identification and assessment of Nakilat's information), access review (i.e. SAP access, USB access)
External:
• Interface with regulatory and academic organizations in order to maintain state-of-the-art knowledge in emerging risk and information security issues and to enhance the enterprise's image as a first-class enterprise utilizing the latest thinking in this field (i.e. Professional Organization, Vendors, External Auditors and etc.)
Financial Authorities
Not Applicable
Qualifications, Experience and Job Skills
Qualifications:
• Bachelor's Degree in Accounting, Business Administration, Computer Science or any other related field
• Globally recognized certification in required in either Risk, Information Security and Business Continuity domain for example CPA, PRM, FRM, CRMA, CISM, ISO2001LA/LI, ISO22301 or CRISC
• Master's Degree preferred
Experience:
• 8 to 12 years of information security, risk management and business continuity experience in a multicultural environment, 3 years out of which in a managerial role.
• Experience in designing and implementing enterprise risk management, business continuity management and information security management activities in accordance with standards (e.g. ISO 31000, ISO22301, ISO27001)
• An in-depth understanding of international standards and regulatory frameworks, preferably internationally and in the Middle East
Job Specific Skills:
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
• Experience in implementing an Information Security Management System (for example using ISO 27001 as a framework)
• Knowledge and understanding of risk assessment and management methodologies
• Experience of monitoring compliance with policy and standards
• Experience of defining and implementing risk mitigation strategies
• Security related qualifications (e.g. CISSP, CISM, ISO 27001)
Reports To:
Chief Corporate Planning & Risk Officer
Direct Reportees:
- Senior Information Security Officer
- Senior Risk Officer
Job Summary and Purpose
Lead and drive the comprehensive design and supervision of information security, risk and business continuity functions. The role necessitates a thorough understanding of the legislated requirements to ensure that the information security, risk and business continuity principles and plans, policies and practices are integrated into all the related organizational processes in coordination with the various Nakilat functions and related stakeholders.
Accountabilities
Key Accountabilities:
Strategic Management:
1. Provide organization wide direction in terms of risk, information security and business continuity strategy that is consistent with the strategic plan of the group as well as the subsidiaries.
2. Communicate the approved risk, information security and business continuity strategy, plan and budgets to the concerned employees in a timely manner.
3. Administer the development and maintenance of the policies, procedures, guidelines, standards, Enterprise Risk Management Framework and all the related templates.
4. Supervise the risk management teams and provide them guidance related to the technical aspects including financial, operational, compliance and strategic risks.
5. Coordinate with the departmental risk champions to manage the risk assessment, risk prioritization and ranking processes.
Enterprise Risk Management:
6. Provide guidance to the employees with respect to the organizational risk assessment methodology in order to ensure that the procedures followed by them are in line with the ERM policy.
7. Monitor the risks by developing robust risk scoring models specific to the individual organizational requirements
8. Suggest a risk treatment plan as and when requested by the Risk Owners, Risk Champion and/or Executive Management.
9. Manage the process for elevating control risks to more senior levels when appropriate.
10. Communicate risk and information security related issues endangering the achievement the organizational objectives to the respective personnel including Chief Risk Officer, Risk Management Sub-Committees and Risk Champions.
11. Develop key Security, Risk and Compliance reporting metrics to ensure progress on these programs is managed and understood by the leadership.
12. Monitor the action plans in order to proactively address any control weakness or compliance issue recorded by the internal and external auditors.
13. Control and direct the in-house awareness program in order to improve overall employee awareness, response time and the tendency to proactively look for future risk requirements.
14. Maintain and evaluate the risk maturity profile of the organization.
Accountabilities - 2
Information Security Management:
15. Regulate the development and maintenance of the policies, standards, procedures and guidelines required for the Information Security Management System (ISMS).
16. Administer guidance and education in the formulation, analysis and implementation of information programs and initiatives.
17. Head the organizational staff and vendors in order to safeguard the assets, intellectual property and computer systems of the company as well as to ensure the safety of the employees and the visitors.
18. Deliver technical information security advice in accordance with the leading practices to the management.
19. Monitor and evaluate the reported security breaches and recommend appropriate response actions.
20. Ensure adherence to the information security policies and procedures followed in the company to the industry leading practices.
21. Conduct information security awareness programs to alert employees to the information security and best practices.
22. Supervise and manage the various information security activities such as cyber threat and vulnerability prevention, detection, monitoring, risk assessments information classification etc.
23. Control the approval process for access to SAP and USB port.
24. Inspect the GRC activities and report any infraction to the senior management.
25. Manage the development, application or migration of processes in adherence to the new and upcoming Government initiatives.
Business Continuity Management:
26. Supervise the development and maintenance of the policies, procedures, standards, guidelines and templates for the Business Continuity Management (BCM) framework.
27. Direct and oversee various activities such as business impact analysis and risk assessment as part of business continuity management in order to identify, evaluate and address potentially critical business situations.
28. Liaise with Business users to prepare Functional specifications.
29. Coordinate with Department Managers to outline department level business continuity procedures.
30. Mediate between different business units and IT department in order to ensure alignment of business requirements to the available IT facilities.
31. Manage and oversee periodic monitoring of the business continuity plan and also ensure that the business continuity document is appropriately updated.
Accountabilities - 3
Generic Accountabilities:
People Management:
32. Manage section staff by overseeing their performance management, recruitment, training and development to ensure high levels of engagement and competence.
Quality, Health, Safety, & Environment (QHSE):
33. Ensure compliance to all relevant QHSE policies, procedures and controls across the section to ensure that Nakilat provides safe, world class, secure and environmentally responsible service to customers, the public and its own people.
Budgets and Plans:
34. Contribute to the development of the Risk Management division budget and monitor its expenditure, while ensuring the optimal utilization of all available resources to protect Nakilat's interest.
Systems and Processes:
35. Participate in the development of the Risk Management division policies, procedures and system, and ensure their proper implementation to support in the achievement of the different plans according to the Nakilat's strategy.
Others:
36. Carry out any other duties as directed by the immediate supervisor.
Accountabilities - 4
Competencies
Business / Industry Knowledge - Specialist
Business Continuity Management - Specialist
Business Impact Analysis - Specialist
Business Risk - Specialist
Collaboration & Team Work - Advanced
Customer Centricity - Advanced
Drive Vision - Advanced
Empower & Nurture Talent - Advanced
Enterprise Risk Management - Expert
Governance - Specialist
Information Security Management - Expert
Interactive Communication - Advanced
Risk Identification and Assessment - Expert
Risk Management Methodology/Process - Expert
Risk Mitigation & Control - Specialist
Risk Project Management - Specialist
Risk Response & Reporting - Specialist
Achievement Oriented - Advanced
Solution Oriented - Advanced
Key Result Areas
• Develop risk scoring models with robust KRIs to monitor organizational risks
• Control development and management of policies and procedures for the Information Security Management System
• Ensure development and management of policies and procedures for the Business Continuity Management framework
• Ensure development of a high performing team to handle future information security, business continuity and other enterprise risks
Interactions and Working Relations
Internal:
• Interaction with all Department Managers, Heads or Risk Champions on risk assessment (i.e. risk identification, risk analysis, risk treatment and risk monitoring of departmental and top risks in Nakilat), data classification (i.e. identification and assessment of Nakilat's information), access review (i.e. SAP access, USB access)
External:
• Interface with regulatory and academic organizations in order to maintain state-of-the-art knowledge in emerging risk and information security issues and to enhance the enterprise's image as a first-class enterprise utilizing the latest thinking in this field (i.e. Professional Organization, Vendors, External Auditors and etc.)
Financial Authorities
Not Applicable
Qualifications, Experience and Job Skills
Qualifications:
• Bachelor's Degree in Accounting, Business Administration, Computer Science or any other related field
• Globally recognized certification in required in either Risk, Information Security and Business Continuity domain for example CPA, PRM, FRM, CRMA, CISM, ISO2001LA/LI, ISO22301 or CRISC
• Master's Degree preferred
Experience:
• 8 to 12 years of information security, risk management and business continuity experience in a multicultural environment, 3 years out of which in a managerial role.
• Experience in designing and implementing enterprise risk management, business continuity management and information security management activities in accordance with standards (e.g. ISO 31000, ISO22301, ISO27001)
• An in-depth understanding of international standards and regulatory frameworks, preferably internationally and in the Middle East
Job Specific Skills:
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
• Experience in implementing an Information Security Management System (for example using ISO 27001 as a framework)
• Knowledge and understanding of risk assessment and management methodologies
• Experience of monitoring compliance with policy and standards
• Experience of defining and implementing risk mitigation strategies
• Security related qualifications (e.g. CISSP, CISM, ISO 27001)
JOB SUMMARY
Head of Risk & Information Security (1101, QA)
Doha
2 months ago
N/A
Full-time