As the Head of Information Protection, you will be responsible to ensure information within the organisation is protected and used appropriately according to identified risk and regulatory controls. This role requires identification of information controllers and processors within the organisation and extensive interaction with information controllers and processors to manage how information is used and ensure guidelines and regulatory requirements are met.
A leading government organisation in Qatar with strong development and progression culture.
Lead information classification and protection initiatives, provide advice and recommendations to leadership, and ensure information use is following relevant legislation.
Lead regular assessments of information classification, effectiveness of protection controls and the use of information.
Provide guidance regarding the impact of information protection efforts and controls.
Participate and serve as the information protection subject matter expert on the Information Security Incident Response Team.
Develop and raise awareness of information protection standards, controls and information use.
Identify and monitor data controllers and processors (e.g., organisations, applications, etc) to ensure information is handled according to key protection principles, advising on how information protection regulation should be interpreted and applied.
Maintain accurate records of information processing initiatives and activities.
Provide guidance and requirements associated with handling personal information of personnel by the organisation and partners who have access to that information.
Ensure information is maintained and destroyed according to legal retention and destruction requirements.
Serve as the primary point of contact for inquiries into information use and rights of individuals regarding information use and privacy.
Bachelor’s degree in information security, computer science, or engineering.
Preferably 15 years of relevant professional experience; 7 years in a managerial role in a large enterprise.
Experience with and expert knowledge of international and local data protection regulations and guidelines (e.g., GDPR, Qatari Privacy Law, etc).
Preference for a strong background in legal aspects of with information protection regulation.
Professional certifications in information security management and standards compliance (e.g., CISSP, CISA, GIAC, ISO 27001, etc) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework).
Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas.
Experience in information protection and community building.
Knowledge of information security capabilities, requirements analysis and control effectiveness.
Knowledge of information use across a broad spectrum of information platforms and applications (e.g., SAP), including controls available within those platforms.
Diverse project portfolio
Opportunity to work for an organisation, contributing to the growth and development of the Qatar