Company : Ooredoo
Contact Phone :
Job Description :
VAC4365 - Manager Risk and Compliance
Field: Operations
Contract Type: Contract
Location: Qatar - Doha
Closing date: 28-Feb-2015
ROLE ACCOUNTABILITIES:
Overview
Ensures that the security posture of Ooredoo is regularly measured and reported.
Is responsible for Ooredoo Information Security policies.
Is responsible for managing consolidated Information Risk Register for Ooredoo Qatar.
Is responsible for implementation of the Ooredoo Audit plan.
Is responsible for planning & obtaining ISO 27001 and other security certifications.
Designs and manages the security metrics programme that consolidates various security measures into meaningful metrics.
Defines, maintains and updates the Risk and Compliance related Information Security policies, standards and guidelines (e.g. Risk Management methodology and Incident Management process).
Provides escalation point for Information Risk Register.
Manages and undertakes Information Security audits.
Manages resources and projects for the ongoing Information Security activities across Ooredoo.
Business Impact
Prepare policies and procedural recommendations, guidelines, and progress reports for issues related to security compliance.
Support business delivery by applying best practice business continuity, resilience and security planning.
Costs & Profitability
Meet section’s productivity and quality goals.
Ensure data security
Optimize resources and identify cost saving.
Ensure business continuity as well as robust recovery mechanisms to minimize revenue loss.
Problem Solving
Make sure all issues are reported in a timely and accurate manner.
Implement a problem resolution strategy and plan resource allocation aiming to minimize problem resolution time.
Ensure all issues are solved within permitted timeframe.
Planning & Organizing
Develop plans and procedures to implement activities to improve the quality and efficiency of security for the organisation.
KEY RELATIONSHIPS & DECISION MAKING:
Team working, Coaching/Development & Leadership (Coaching & Leadership applicable to people managers)
Role is part of the Leadership team in Corporate Information Security.
Leads, coaches and develops own team, ensuring high performance and engagement levels.
Communicating, negotiating & influencing
Establish and manage multiple cross-functional relationships, coordination and communication lines with operating units & corporate centres.
Provide leadership, direction, planning and unity of purpose to cross functional team on security issues.
Regularly communicate decisions and policies related to information security to teams.
Decision Making
Input into major decisions on a day-to-day basis; makes routine decisions around control issues that impact function performance.
Technical authority to recommend changes in risk & compliance areas in collaboration with line manager.
Technical authority to recommend solutions and technologies for enhanced security and business continuity.
Authority to evaluate and recommend security tools, vendors and contractors.
Operational decisions to improve methods and procedures.
KEY PERFORMANCE INDICATORS (KPI):
Completed annual risk iterations for BUs.
No. of completed risk registers.
No. of risk mitigation plans updated.
Completed Information Security policy and standard updates.
No. of NCs & observations from the ISO 27001 External Audit.
No. of ISMS scope expansions completed.
Qualifications:
Bachelor’s Degree in IT or related fields.
Experience:
10 years' experience.
5 years with a telecom operator in a similar capacity.
Thorough understanding of network and IT security and Business Continuity/Disaster Recovery standards and procedures in telecom.