Specialist – Security Risk and Compliance – Starlink
This role is responsible for supporting the Information Security Governance, Risk and Compliance function by collating the right information and undertaking risk assessments and information security audits and assessments.
The Corporate Information Security department is responsible for securing information, technology and service availability through effective security planning and management.
This role supports the department's objectives by working with the Information Security Governance, Risk and Compliance senior manager to ensure that information security risk is being managed and followed, and that effective controls are being deployed across the organization.
- Tracks and maintains compliance reports and actions needed to achieve compliance against Ooredoo policies, national and international standards/frameworks and applicable regulations and audit findings.
- Collaborates and facilitates internal and external audits and assessments.
- Coordinates with legal and regulatory for compliance with applicable laws and regulations.
- Conducts and tracks information security control effectiveness reviews and evaluations.
- Conducts risk assessments and maintains the information security risk register(s).
- Monitors the current cybersecurity threat landscape regularly and in a timely manner.
- Conducts third party security risk assessment for existing and new vendors.
- Coordinates with all Ooredoo Business Units to ensure compliance with Ooredoo information security policies, procedures and guidelines.
- Creates and tracks mitigation/remediation plans to meet compliance requirements and reduce risks to acceptable levels.
Costs & Profitability
- Supports the GRC section’s productivity and quality goals.
- Fulfills and addresses tasks and expectations effectively and efficiently.
- Performs due diligence for all tasks assigned.
- Makes sure all issues are reported in a timely and accurate manner.
- Ensures all issues are escalated and solved in a timely manner.
Planning & Organizing
- Daily operational planning.
- Prioritizes activities effectively to meet stakeholders’ goals and expectations.
KEY SKILLS & DECISION MAKING
Team working, Coaching/Development & Leadership
- Encourages teamwork within the project team and capitalizes on the team's strengths.
- Brings fresh insights to the team. Encourages the team to generate newer approaches for risk and compliance management.
Communicating, negotiating & influencing
- Communicates clearly, fluently and in an assertive manner while interacting with stakeholders on risk management and compliance initiatives.
- Presents ideas to stakeholders effectively.
- Identifies and reacts appropriately to information security risks and threats to business.
- Should be aware of non-compliance implications impacting his/her area and take appropriate decisions for compliance initiatives.
- Identifies appropriate approaches to meet the various compliance and audit requirements.
KEY PERFORMANCE INDICATORS (KPI)
- Reduce security risks to acceptable levels as defined by ERM for CIS scorecard.
- Fulfil audit and compliance requirements as defined by Internal Audit for CIS scorecard.
- Conduct security reviews and evaluations effectively and regularly.
- Regular security risk assessments and reviews.
|Job Location:|Doha, Qatar|
|Job Role:|Information Technology|
|Company Industry:|Retail & Wholesale; Cyber & Network Security; Telecommunications|
|Career Level:|Mid Career|
|Nationality:|United Arab Emirates; Bahrain; Djibouti; Algeria; Egypt; Iraq; Jordan; Comoros; Kuwait; Lebanon; Libya; Morocco; Mauritania; Oman; Palestine; Qatar; Saudi Arabia; Sudan; Somalia; Syria; Tunisia; Yemen|