Job Objectives
The Information Security Consultant manages the IT Operations security for existing Infrastructure and
new required services as part of business portfolio to continuously monitor and improve organization's
security posture to build secure Infrastructure and reduce threat footprint. The role also provides
subject matter expertise and operational direction on security governance, Infrastructure security
control and risk analysis, security assessment, secure development practices and incident response.
Description
1. Establish and manage industry-leading Systems and operations security processes and practices
at each phase of the operational services within the environment and implement operational
roadmap for assessment, penetration testing and source code reviews.
2. Ensure acquired services are consistent with best practices security architecture guidelines.
3. Conduct regular manual and automated security testing, assessments, review results, track
issues and follow up to ensure remediation.
4. Coordinate and scope Third party penetration testing and security assessments activities
including configuration reviews for compliance and additional assurance of secured
implementation and operation of solutions.
5. Recommend improvements to the secure reference architecture through continuous review and
assessment of the security requirements, policies, and procedures.
6. Provide regular updates to management on Infrastructure security and vulnerability
management posture by defining operational KPIs and metrics, build dashboard and reports.
7. Manage follow up, close and report upon all department’s information security regulatory
requirements, audits, inconformity reports, compliance issues and observations that arise
during conducted internal and external assurance engagements.
8. Conduct Risk Assessments on the required Infrastructure and IT Operations services to identify
applicable risk scenarios and mitigating controls as per Qatargas Methodology.
9. Perform other related duties or assignments as directed.
10. Experience in identifying and mitigating Cybersecurity risks related to Azure implementations.
11. Experience in security architecture relating to Infrastructure and IT Operations.
12. Experience in designing secure on-prem Infrastructure solutions.
13. Experience in designing secure cloud Infrastructure and Operations solutions.
Requirements
Minimum Qualifications:
Bachelor’s degree in Computer Engineering/Science, Electronics Engineering, or any other appropriately
relevant field.
Minimum Experience:
• 10 years of progressive experience in a directly related field.
• 7 years of professional experience in ICT information, application security in an enterprise level
environment.
• 3 years in similarly relevant Application security role with around the same team capacity and
complexity of assigned tasks.
Job Specific Skills:
· Certifications in industry relative standards, frameworks, and schools of practice, such as CSSLP,
GWAPT, OSCP, etc.
· Excellent knowledge in maintaining effective working relationships with staff and clients;
excellent people management skills.
· Excellent written and verbal communication skills.
· Strong analytical and problem-solving skills.
· Proven success in working in a similarly complex ICT information security within same industry.
· Professional experience in conducting manual and automated application assessments (DAST,
SAST & RAST), penetration testing and configuration review.
· Good understanding of cryptography, web service frameworks, mobile application architectures,
and service architectures (such as event-driven, service-oriented, or serverless architectures)
· Good understanding of implementing enterprise information security architectures and
frameworks.
· Strong understanding of project management principles and requirements.
· Excellent knowledge and understanding of Information Technology industry, trends,
architectures, integrations, operational security, and process computing.
· Excellent knowledge and understanding of leading industry standards, frameworks,
methodologies, and best practices.
· Excellent knowledge and understanding of information security governance, compliance,
architecture components, technical solutions, and operational services.
Management Solutions International (MSI), established in 1987, is one of the leading Human Resources and Management Consultancies, with over 30 years of Multi-industry experience. Headquartered in Virginia, USA, MSI currently has 6 Branches, working with prominent Government / Semi-Government, Multi-National Companies as well as SMEs. MSI, traditionally an Executive Recruitment Firm is a part of CFR Global Executive Search which is a growing alliance of independent Executive Search Companies having 59 Offices in 30 Countries. This gives MSI an edge with a Global database and allows them to effectively conduct Recruitment searches worldwide. Management Solutions International Overview In the latest acquisition, MSI acquired Petrolinx in 2013. Petrolinx is an Oil & Gas specialized entity with an ever increasing database of talent from various sectors, including Exploration & Drilling, Refining, Production, Petrochemical, Distribution. Petrolinx caters to the Government Clients as well and PMC and EPC Companies. Our strength lies in our Consultants’ industry specialisation who provide recruitment consultancy services to the clients in their respective sector. This focus allows our consultants to provide a better understanding of the supply of talent available for the specific role being recruited for. Also, because our consultants have prior industry knowledge they understand our clients’ businesses and can often offer unique perspectives that help clarify their needs and ensure better quality hiring decisions.