The incumbent will assist the Head of IT Security development to assure that information created, acquired or maintained by the Group, and its authorized users, is used in accordance with its intended purpose; to protect Group information from external or internal threats; and to assure that the Group complies with statutory and regulatory requirements regarding information access, security and privacy as well as industry best practices.
Shareholder & Financial:
Create Key Performance Indicators (KPIs) for performance monitoring and quality measurement purposes for the IT Security Development personnel and monitor their achievement on a periodic basis.
Lead and guide the Department’s annual costing and budgeting process.
Customer (Internal & External):
Enhance Information Risk and Control Framework, technology risk management methods and processes.
Conduct privacy impact assessments on QNB systems and processes to assess compliance with laws, regulations, and internal policies.
Mitigate risks by creating project plans for specific implementations, identifying resources needed from the Information Technology department. Also, work with the Head of IT Security Operations to coordinate and schedule actions.
Lead the compliance check against the Group’s information security policies and procedures at the head office, DR site, domestic and international branches and subsidiaries.
Take on special security projects for the Group.
Monitor controls in place (manual/system) to ensure that appropriate information access levels and security clearances are maintained.
Monitor effectiveness of controls against potential threats including hackers, software flaws, viruses, spyware, phishing and self-adaptive computer threats.
Ensures the completion of reviews to ensure that all systems have effective, quality information security documentation in place including:
Responsible for enforcing the Group-wide Information Security Operations Strategy in line with the business strategies and objectives of the Group.
Oversee the planning and execution of the various information security programs for the QNB group.
Internal (Processes, Products, Regulatory):
Ensure risk identification, analysis and mitigation activities are integrated into the information security life cycle.
Ensure the use of an integrated risk management approach to create executive level perspectives and status reports regarding all security risks that the bank may encounter; this includes risks in physical security, access and control issues, data security, data privacy and contingency planning.
Review standards for changes in legislation and accreditation that affect information security from multiple sources including National Institute of Standards and Technology (NIST), Payment Card Industry (PCI), ISO 27001, ISO 22301 and ISO 31000.
Research and propose information security products and services to protect and enhance the Group’s network infrastructure.