The IT Security Audit & Compliance Specialist is responsible for managing and overseeing information security audits, compliance programs, cybersecurity governance, and risk management initiatives across the organization. The role ensures compliance with security standards, regulatory requirements, data protection policies, and internal governance frameworks.
The position supports the development of audit frameworks, conducts security assessments, monitors compliance maturity, identifies security risks and vulnerabilities, and collaborates with stakeholders to strengthen the organization’s cybersecurity posture.
Key Responsibilities
Security Audit & Compliance Management
Develop and maintain comprehensive IT security audit and compliance programs Plan, coordinate, and execute information security audit activities Define audit scope, objectives, methodologies, and work plans Develop and implement audit test plans for systems, applications, infrastructure, and cloud environments Conduct security compliance audits for critical systems, networks, and applications Maintain audit schedules, documentation, evidence collection, and reporting processes Ensure timely closure of audit findings, non-compliance issues, and remediation activities
Cybersecurity Governance & Risk Management
Ensure compliance with organizational policies, regulatory requirements, contractual obligations, and security standards Monitor cybersecurity maturity and compliance posture across operational and technical environments Build and maintain controls matrices aligned with multiple security and compliance frameworks Identify security risks, vulnerabilities, and compliance gaps, and recommend corrective actions Conduct vulnerability and compliance assessments and coordinate remediation activities Support governance initiatives related to security standards, policies, and operating procedures
Security Operations & Technical Oversight
Monitor compliance and security controls related to cloud security environments, Identity and Access Management (IAM), Privileged Access Management (PAM), Data Loss Prevention (DLP), and enterprise productivity and collaboration platforms. Coordinate with IT operations and business teams to resolve identified vulnerabilities and compliance issues Support the development of technical hardening standards and security baseline documents Ensure compliance of critical infrastructure, systems, applications, and cloud services
Reporting & Documentation
Prepare audit reports, compliance reports, and status updates for management and stakeholders Communicate audit findings, recommendations, and remediation plans to leadership teams Maintain clear, accurate, and complete audit documentation and evidence records Track progress of remediation efforts and monitor implementation of previous audit recommendations
Stakeholder Coordination & Support
Liaise with internal and external audit teams to support audit activities and evidence collection Collaborate with business units, HR, finance, operations, and project teams during audit and compliance reviews Support key business initiatives by identifying cybersecurity and compliance-related risks Assist in developing and delivering security awareness and compliance initiatives Perform related duties and special projects as assigned
Qualifications & Experience
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Security, Risk Management, or a related discipline.5–8 years of experience in Information Security Governance, Risk Management, Compliance, Internal Controls, Audit, or Cybersecurity. Hands-on experience in implementing, managing, or maintaining Information Security Management Systems (ISMS) based on ISO/IEC 27001. Experience in Qatar National Information Assurance (NIA) framework implementation, compliance monitoring, control assessment, and audit readiness activities Experience in PCI-DSS compliance and certification implementation, including control assessment, gap analysis, remediation tracking, and audit support. Knowledge of Data Privacy and Protection requirements, privacy risk assessments, personal data handling controls, and regulatory compliance. Proven experience conducting information security risk assessments, risk treatment planning, and maintaining risk registers. Experience supporting or coordinating ICOFR (Internal Controls over Financial Reporting) reviews, audits, control testing, and remediation activities. Experience coordinating internal audits, external audits, certification audits, and regulatory assessments. Knowledgeable in reviewing, validating, and assessing audit evidence generated from various technology platforms, security tools, infrastructure systems, cloud services, applications, and business systems to determine control effectiveness and compliance. Experience with governance, risk, and compliance (GRC) platforms, risk management tools, and compliance monitoring solutions is an advantage. Strong analytical, documentation, report writing, communication, presentation, and stakeholder management skills. Ability to prepare executive dashboards, compliance reports, risk reports, and management presentations.
Technical Knowledge
Strong understanding of information security frameworks and standards, cybersecurity governance and risk management, vulnerability management and security assessments, cloud security technologies and controls, and identity and access management concepts. Knowledge of industry frameworks and standards, including ISO 27001 / ISO 27002, NIST, and CIS Benchmarks. Mandatory hands-on knowledge of cloud security environments, IAM and PAM technologies, DLP solutions, and enterprise productivity and collaboration platforms.
Preferred Certifications
Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified in Governance of Enterprise IT (CGEIT) Cloud security certifications (e.g., cloud security administration or governance certifications) ISO 27001 Lead Auditor or equivalent certifications
Skills
Strong analytical and problem-solving abilities Excellent audit, reporting, and documentation skills Strong stakeholder management and communication skills Ability to work effectively with cross-functional and multicultural teams Experience developing security policies, standards, and governance frameworks Strong understanding of security compliance and operational best practices