Compliance officer

Hello,
Greetings from Proztec Qatar! I hope everything is going well with you.

We are thrilled to extend multiple exciting job opportunities, and currently, we are hiring for the role of Compliance officer

with one of our prestigious clients in Qatar. Below, you will find details of the role, key responsibilities, and requirements.

JOB OVERVIEW

JOB TITLE : Compliance officer

LOCATION : Doha, Qatar

GENERAL JOB DESCRIPTION

Several advisory services in term of Security Management and Governance are being expected to support the adaptation of the policies, guidelines, for example, covering:

· Risk management.

· Threats and vulnerabilities modeling.

· Attacks path modeling and countermeasures.

· Managerial aspects concerning information security.

· Assessment of information security effectiveness and degrees of control.

· Awareness and Education around security concepts for all stakeholders.

· Standards for information security.

· Reporting (e.g. disaster recovery and business continuity).

· Theoretical and empirical analysis.

· Economic aspects of the cybersecurity ecosystem.

· Capability modeling.

· Liaise with MOTC, Ooredoo and other stakeholders in the project and be the focal point for all cyber security related tasks.

Build and drive a successful cyber security practice for Tasmu based on Industry and International best practices in the constantly evolving cyber threat landscape.

DUTIES & RESPONSIBILITIES

The Compliance and Audit activity provides the key elements that include:

· Review existing governance models, structure, and process: Review documentation, capture existing practices, conduct interviews, draw the current landscape, and define the baseline for the engagement activity.

· Define the targeted level of maturity on the governance level.

· Perform Gap Analysis: Analyze current organizational governance structures with well-defined industry frameworks, standards, and models – identify opportunities to strengthen existing methods and structures and/or replace them with new and improved methods.

· Define Governance Operating Model: Identifies governance structure inconsistencies, overlaps, and gaps among governance mechanisms and maps current governance processes and structures.

· Plan of Action deliverables: Provides a set of deliverables that provide visibility and insights into the engagement activities, current landscape, achievable target state (i.e., desired state to accomplish), prioritized set of actions with milestones, to lead towards the target state to enhance and strengthen the security framework.

Policy enablement :

· Enable security policies on key aspects such as Digital identification, Global Security, Information Classification, IoT Security, and Organization Governance to improve security based on the emergence of new threats, new technological trends, and national/international regulatory framework evolution.

· Ensure that policies are applied on use case and IoT services definition.

· Collaborate with Microsoft on the definition of Cloud-based Security Control Framework to ensure and ease the sharing, compliance, and application of policies as well as the follow-up of the adoption of those policies by all TASMU ecosystem's stakeholders.

Awareness :

The objective of the Awareness activity is to provide training and awareness sessions on information security to TASMU operators/key personnel. This awareness program shall be based on policies, standards, procedures, and best practices previously defined as well as performed in a risk-centric approach to enable TASMU operators to understand the stakes/challenges of cybersecurity within the TASMU program's context.

The Awareness program should be conducted as an on-going program to ensure that training and knowledge are not just delivered as an annual activity, rather it is used to maintain a high level of security awareness on a daily basis.

· Assemble the Security Awareness Team

· Determine Roles for Security Awareness

· Identify levels of responsibility (Management, specific roles, and all other personnel)

· Establish Minimum Security Awareness and the depth of the security awareness training required for each stakeholder

· Determine the content of training and applicability

Risk Management: The Risk Management activity is including risk identification, analysis, and control. In the frame of security operations phases, the following actions are needed:

· Review and refresh the Risk register

· Identify points of Risk Acceptance and ownership

· Identify paths of Risk Escalation

· Establish Risk Appetite

· Identify, Analyze & Document

The improvements and modernization will provide benefit by:

· Providing guidelines for governance security and privacy

· Provide a mapping between client controls and industry standards

· Ensure that an organization's security policy continues to meet the changing and evolving needs of the underlying business.

· Maintain on-going situational awareness of the security state of an organization's network, information systems, and the environments in which those systems operate.

Privacy :

Extended knowledge with regulatory contexts such as GDPR, HIPAA, FFIEC, PCI, CJIS, etc. and mapping services with respect to protecting the information (integrity, confidentiality and availability) in accordance with these frameworks and with the policies enforced within the TASMU ecosystem (i.e. Information Classification Policy).

GDPR knowledge provides a complete approach to compliance, ensuring smooth adoption, and minimizing any future breach risk. Services are broad in scope and cover everything from the initial impact assessment to guidance in the appointment of a Data Protection Officer.

The Privacy related activities shall be conducted in agreement with incident management and response activities to be able to identify unauthorized presence before data leaks, apply protective measures and in the worst case, identify and retrieve the data leaked (DLP related controls).

SKILLS & ABILITIES

· Experience Excellent interpersonal skills

· Excellent communication and presentation skills

· Customer oriented

· Relevant technology skills.

· Relevant product and solution skills

If you are interested and ready to proceed, kindly share your CV in Word format along with the following details:

Name:

Nationality:

Total Experience:

Relevant Experience:

Current Location:

Visa Status:

Current Salary:

Expected Salary:

Notice Period:

About Proztec:
Proz Technologies (PROZTEC) is a leading ICT specialist firm based in Doha, Qatar (a tax-free country) with over 300 employees. We look forward to the possibility of welcoming you to our growing team.

Thanks & regards,
Syeda Humera
Recruitment Consultant
Proz Technologies
M: 974-70955929
P: 974-4442-0050 Ext: 109
www.proztec.com

Job Type: Permanent

Pay: QAR10,000.00 - QAR15,000.00 per month