Information Security Officer

Black & Grey HR Consultancy FZE

Doha

On-site

QAR 400,000 - 600,000

Full time

Today

Job summary

A leading technology solutions provider in Doha is seeking an experienced Information Security Officer to oversee organizational security and manage risk assessments. The ideal candidate will have over 8 years of experience in IT security, a bachelor's degree in a relevant field, and essential certifications in information security. Proficiency in Arabic is mandatory, and the role offers a competitive salary and benefits package.

Benefits

Competitive Salary
Benefits Package

Qualifications

  • 8-10 years in systems, network, and IT security, with 5-6 years in information security management.

Responsibilities

  • Develop and maintain Information Security Policies and Procedures.
  • Conduct organization-wide Risk Assessments and manage vulnerability assessments.
  • Lead investigations into security incidents and policy violations.
  • Ensure compliance with internal policies and external regulations.
  • Design and deliver Information Security awareness training.

Skills

Expertise in information security principles
Bilingual proficiency (Arabic required)
Strategic planning
Policy development
Risk assessment

Education

Bachelor’s degree in Computer Science or related field
Professional certification in Information Security (CISSP, CISM)

Job description

Black & Grey HR is recruiting for an established technology solutions and services provider in Doha, Qatar. The client is seeking an experienced Information Security Officer who will be responsible for providing ongoing leadership and expertise in information security, ensuring robust protection of organizational assets both during mega sports events and in standard operational periods. This role is responsible for establishing a proactive security posture through comprehensive risk management, policy enforcement, staff education, and incident response.

Key Responsibilities
  • Information Security Management
    • Develop, implement, and maintain the organization's Information Security Policies, Procedures, and the Information Security Management System (ISMS).
    • Chair the ISMS committee, facilitating communication and outreach across the organization.
    • Enforce and monitor compliance with the IT Information Security Policy, conducting regular assessments to evaluate effectiveness.
    • Plan and coordinate all information security activities, including oversight of related assurance functions.
  • Risk & Vulnerability Management
    • Conduct organization-wide Risk Assessments covering people, processes, technology, and facilities.
    • Develop Risk Treatment Plans and ensure the implementation of all mandated security controls.
    • Perform regular vulnerability assessments and manage a formal process for risk mitigation.
    • Track, elevate, and report on the resolution of security issues identified in audits and penetration tests.
  • Incident & Problem Management
    • Establish and manage formal procedures for security incident reporting, response, and escalation.
    • Lead investigations into security events and policy violations, ensuring thorough documentation and resolution.
    • Analyze incidents to identify underlying problems, perform root cause analysis, and implement corrective and preventive actions.
    • Develop and document incident handling, disaster recovery (DR), and IT service contingency plans.
  • Security Implementation & Compliance
    • Develop and document operational procedures for key areas, including network security management, protection against malicious code, data backup, integrity, and media handling, secure information exchange, and electronic messaging.
    • Ensure internal compliance with security policies and external compliance with all applicable laws, regulations, and statutory requirements.
    • Implement continuous monitoring to ensure adherence to operational policies and procedures.
  • People Management & Awareness
    • Provide performance management, guidance, and development planning for direct reports.
    • Design and deliver organization-wide Information Security awareness and training programs to foster a culture of security.
Requirements
  • Qualifications & Experience
    • 8-10 years of overall experience in systems, network, and IT security, with at least 5-6 years in a dedicated information security management role.
    • Bachelor’s degree in Computer Science, Electronics & Communication, IT, or a related field.
    • Mandatory professional certification in Information Security from an internationally recognized body (e.g., CISSP, CISM, from (ISC)² or ISACA).
  • Required Skills & Competencies
    • Subject matter expert in information security principles and practices.
    • Bilingual proficiency with Arabic as a mandatory requirement.
    • Proven ability in strategic planning, policy development, and team management.
    • Strong capability in risk assessment, problem-solving, and root cause analysis.
    • Excellent skills in developing policies, delivering training, and reporting to stakeholders.
Benefits
  • Competitive Salary + Benefits Package