TS Controller (IT Security Compliance)

About Hamad International Airport:


Hamad International Airport enjoys a dominant position in the aviation industry. It has been voted the best airport in the world by Skytrax in 2024. Our passenger volumes are on a steady and fast-growing path thanks to an unprecedented facility expansion that enhanced operational capacity and will drive business growth in the next years.


About the role:


This role is required to be part of MATAR-IT Cyber Security and Risk Management team, with a primary role to manage information security management system (ISMS) across MATAR and its business units. Ensure compliance to ISMS through periodic review, audit and assessments. Report & track any non-compliance to closure and maintain risk under acceptable level.


Key responsibilities:


  • Assess the efficacy of implemented information security controls in alignment with the Information Security Management System (ISMS) framework requirements.
  • Create robust security standards, procedures, and controls to effectively manage risks in align with business requirements.
  • Regularly evaluate risks associated with information systems and supporting infrastructures.
  • Maintain ongoing surveillance of information security controls, exceptions, and risks.
  • Generate comprehensive management reports including key performance indicators for information security controls.
  • Engage with both internal and external stakeholders to facilitate audits and assessments, including SOC-2, ISO 27001, 27017, 27018, NCSA, CSF, and PCI.
  • Review IT service requests to ensure security compliance.
  • Evaluate proposed project and operational changes with a focus on information security requirement adherence.
  • Familiarity with applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
  • Understanding of information technology systems, network infrastructure, data architecture, processes, and protocols.
  • Proficiency in cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
  • Knowledge of information systems auditing, monitoring, controlling, and assessment processes.
  • Competence in incident response management and risk assessment methodologies.


About you:


  • Certification in either CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) is mandatory.
  • CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control).
  • ISO 27001:2022 LA
  • Cloud Security Certificate / AZURE / GOOGLE / AWS
  • Payment Card Industry Data Security Standard (PCI-DSS) requirements (CPISI).
  • Specialized knowledge in securing operational technology (OT) systems such as ISA 62443 is an added advantage, preferred.

تاريخ النشر: ٤ سبتمبر ٢٠٢٤
الناشر: LinkedIn
تاريخ النشر: ٤ سبتمبر ٢٠٢٤
الناشر: LinkedIn