Information Security Officer - Data Security Specialist

Job Responsibilities :

Data Security Engineering:

• Design and implement data protection controls across enterprise, cloud environments and Artificial Intelligence Solutions.

• Deploy and manage solutions such as Data Loss Prevention (DLP), data masking, and tokenization.

• Collaborate with application and infrastructure teams to embed security into data lifecycle management.

• Implement and manage data discovery and classification tools to identify, categorize, and label sensitive data across the organization.

• Continuously monitor data security posture and produce regular compliance and risk reports.

• Assist the incident response team to Investigate and respond to data security incidents, including insider threats and breaches.

Cloud Data Security:

• Implement and manage data protection controls in GCP and Azure.

• Secure databases and data lakes.

• Configure encryption at rest, in transit, and in use, with BYOK strategies.

• Deploy cloud-native data discovery and classification solutions.

• Manage secrets management and ensure secure access to data storage systems.

• Implement controls for AI data governance.

Cryptography:

• Define and enforce cryptographic practices and key management standards.

• Manage enterprise encryption practices for data at rest, in transit, and in use.

• Ensure compliance with organizational and industry cryptographic standards.

Data Privacy:

• Ensure compliance with privacy regulations (GDPR, HIPAA, PDPPL).

• Embed privacy-by-design principles and requirements into technical controls.

• Drive data classification and governance programs to safeguard personal and sensitive information.

Database Security:

• Secure structured and unstructured data repositories, including relational and NoSQL databases.

• Implement database activity monitoring (DAM) and user access controls.

• Perform regular security reviews and hardening of database systems.

Collaboration and Governance:

• Collaborate with other stakeholders on data protection strategies.

• Ensure compliance with Qatar’s NCSA framework and international standards.

• Conduct data security assessments for vendors and third-party integrations.

• Review and approve data sharing agreements.

• Define and track data security KPIs and metrics.

• Maintain Data security dashboards for continuous monitoring.

• Stay current with emerging threats, technologies, and industry best practices.

Qualifications

• 8+ years of hands-on experience in IAM engineering, administration, and PAM implementation.
• Arabic Speaker is preferred
• Hands-on experience implementing and managing enterprise IAM platforms. Deep technical expertise in GCP IAM (Cloud Identity, Workforce/Workload Identity Federation, IAM policies, service accounts, Identity-Aware Proxy). Proven experience with Privileged Access Management (PAM) solutions and securing privileged accounts. Experience with Identity Governance and Administration (IGA) platforms and access certification. Strong background in Active Directory architecture, administration, and security hardening.
• Experience integrating IAM with enterprise applications, SaaS platforms, and APIs.

Education:

• Bachelor’s degree in computer science, Information Security, or related field.

Certifications:

• CISSP, CCSP, Azure Security Engineer, GCP Professional Cloud Security Engineer, CyberArk Certified Trustee/Defender, SailPoint Certified IdentityNow / IdentityIQ Professional

• Cloud security certifications (GCP, Azure, or AWS Security Specialty) - preferred.

Required Skillsets:

• Hands-on experience with leading enterprise IAM and IGA platforms.

• Experience in Managing PAM Solution.

• Deep technical expertise in Azure IAM (Entra ID, Conditional Access, PIM, MFA, Entitlement Management).

• Experience in Configuring and Managing Cloud IDP for hybrid cloud platforms.

• Experience in securely managing the service account life cycle.

• Experience in Implementing Role-Based Access Control (RBAC) frameworks and designing custom IAM roles and permission sets.