وصف الوظيفة

About us:

The Group Securities is a well-established investment organization working in the finance industry since 1989, as a company devoted to the stock exchange. It was licensed once Qatar Stock Exchange was founded in 1997 and provides an array of investment services to more than 400,000 investors, with portfolios exceeding QR 100 billion. As brokerage firm, The Group Securities finances margin trading and operates as liquidity provider for the listed shares and ETFs. The company has a paid-up capital worth (QR 1 billion) and has been continuously posting profit since its inception. Besides being licensed by Qatar Financial Market Authority to exercise these activities, The Group Securities is also a member of Qatar Stock Exchange.

Duties:

• Define, Implement, enforce, follow up and Measure the Information Security Policies in the group to protect the Company data and the end-user and stakeholder’s data.

• Identifying the Group Business Environment and the Group place in the sector and build the required plan to ensure the confidentiality, integrity and availability for the group Data.

• Identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization and ensure the compatibility with these requirements.

• Identifying Asset/Application vulnerabilities, threats to internal and external organizational resources, and follow to close these vulnerabilities and gaps.

• Coordinate with the Risk Committee to Identifying and Evaluating Cyber Security Risk and Propose the proper controls in the Risk Reduction plan.

• Implementing an enterprise-wide security Awareness and Training program.

• Establishing Data Security protection to ensure the confidentiality, integrity, and availability for the Group data and assets.

• Implementing Information Protection Processes and Procedures to maintain and manage the protections of information systems and assets.

• Managing Protective Technology to ensure the security and resilience of systems and assets are consistent with The Group policies and procedures.

• Ensuring Anomalies and Events are detected, and their potential impact is understood.

• Implementing Security Continuous Monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities.

• Maintaining Detection Processes to provide awareness of anomalous events.

• Establishing the Information Security Incident and Response Plan as part of the Group Business Continuity Plan

• Ensuring Response Planning process are executed during and after an incident.

• Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate

• Analysis is conducted to ensure effective response and support recovery activities including forensic analysis and determining the impact of incidents.

• Mitigation activities are performed to prevent expansion of an event and to resolve the incident.

• Continuous Improvements by incorporating lessons learned from current and previous detection / response activities.

• Working with Business Continuity to Ensure the group implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents.

• Implementing Improvements based on lessons learned and reviews of existing strategies.

Requirements:

• Experience in SIEM solutions - Implementation and Use case creation. 

• Experience in Vulnerability Scanning and Penetration testing. 

• Experience in Static/Dynamic Application Security Testing. 

• Experience in Network Security Technologies 

• Experience in Database Security Technologies. 

• ISO 27001 or PCI-DSS implementation. 

Qualifications:

• BSc degree in Cyber Security, Computer Engineering or Computer Science or any related field. 

• The Candidate must have 7 years of experience. 

• The Candidate must hold one or more professional certificate like CISSP, CISM, CEH and OSCP.