Role Summary

The incumbent has the primary responsibility of assisting the Head of Security Engineering to protect bank’s critical information and network assets and implement adequate and cost-effective controls to ensure the Confidentiality, Integrity and Availability.  The incumbent will also assume responsibility for:

Information security consulting in multiplatform IT environments, Subject Matter Expert for security concerns, Compliance against internal policies, regulatory requirements and industry best practices, Oversee security assessments, Risk assessments, Implementing Information security management framework, POC management and product evaluation, Incident handling and forensic data collection and analysis, Audit finding closure and control implementation, coordinate external security assessments, Recommend modifications in legal, technical and regulatory areas that affect QNB security.

Role Description

Minimize or eliminate business downtime and revenue loss due to security incidents and system unavailability

Eliminate security incidents and bad publicity that can potentially tarnish bank’s public image and there by loss of customer confidence in using bank’s services.

Provide input to the Head of IT Security Operations.

Assist in the Department’s annual budgeting process.

 

Build and maintain strong and effective relationship with all other related departments and units to achieve the Group’s goals/ objectives.

Provide timely and accurate information to the external and internal auditors and the compliance function, as and when required.

Coordinate with Compliance Group to ensure receipt of timely updates on new rules and regulations from Qatar Central Bank (QCB) and other applicable regulators pertaining to IT Security and ensure timely compliance with the same.

Liaise with the vendors for the various IT systems in use across the Group to ensure the consistent implementation of information security standards across Group systems.

Liaise with external consultants appointed from time to time to assess the adequacy and effectiveness of the Group’s information security efforts

 

Perform information and network security risk assessments and serve as the internal auditor for information security processes by planning and conducting information security audits and network security assessments.

Mitigate risks by creating project plans for specific implementations, configuration changes, software installations, or ‘hot fixes’ identifying resources needed from the Information Technology department. Also, work with the Head of IT Security to coordinate and schedule actions.

Assist in compliance check against the Group’s information security policies and procedures at the head office, DR site, domestic and international branches and subsidiaries.

Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies.

Coordinate with other departments to solve security issues and banking frauds.

Provide a monthly status report to the Head of IT Security Operations for eventual presentation to senior management.

Assist in promoting activities to foster information security awareness within the Group.

Research and propose information security products and services to protect and enhance the Group’s network infrastructure. 

Oversee the vendors and Group personnel responsible for safeguarding the Group's assets, intellectual property and computer systems.

Ensure that all system data is secured from unauthorized inquiries, intrusions, user errors, and system failures. Identify and implement methods for protecting system integrity.

Assist in incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary