TS Controller (Cyber Security and Risk Management )

About Hamad International Airport:

Hamad International Airport enjoys a dominant position in the aviation industry. It has been voted the best airport in the world by Skytrax in 2024. Our passenger volumes are on a steady and fast-growing path thanks to an unprecedented facility expansion that enhanced operational capacity and will drive business growth in the next years.

About the role:

This role is required to be part of MATAR-IT Cyber Security and Risk Management team, with a primary role to manage information security management system (ISMS) across MATAR and its business units. Ensure compliance to ISMS through periodic review, audit and assessments. Report & track any non-compliance to closure and maintain risk under acceptable level.

Key responsibilities

• Assess the efficacy of implemented information security controls in alignment with the Information Security Management System (ISMS) framework requirements.
• Create robust security standards, procedures, and controls to effectively manage risks in align with business requirements.
• Regularly evaluate risks associated with information systems and supporting infrastructures.
• Maintain ongoing surveillance of information security controls, exceptions, and risks.
• Generate comprehensive management reports including key performance indicators for information security controls.
• Engage with both internal and external stakeholders to facilitate audits and assessments, including SOC-2, ISO 27001, 27017, 27018, NCSA, CSF, and PCI.
• Review IT service requests to ensure security compliance.
• Evaluate proposed project and operational changes with a focus on information security requirement adherence.
• Familiarity with applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
  
• Understanding of information technology systems, network infrastructure, data architecture, processes, and protocols.
  
• Proficiency in cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
  
• Knowledge of information systems auditing, monitoring, controlling, and assessment processes.
• Competence in incident response management and risk assessment methodologies.

About you:

• Certification in either CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) is mandatory.
• CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control).
  
• ISO 27001:2022 LA
  
• Cloud Security Certificate / AZURE / GOOGLE / AWS
  
• Payment Card Industry Data Security Standard (PCI-DSS) requirements (CPISI).
• Specialized knowledge in securing operational technology (OT) systems such as ISA 62443 is an added advantage, preferred.

How to apply

Please see below for all eligibility and requirements for internal applications.

Please note that any applications not meeting criteria will not be processed.

• All internal candidates can only have three active applications at any point in time.
• All internal candidates must have completed a minimum 10 months in their current role in order to apply for a new role
• All internal candidates with an active final warning letter will be automatically disqualified from the recruitment process
• If you are Cabin Crew or Deck Crew (Qatar Airways & Qatar Executive) candidate, you would require NOC to apply for this role.