Job Description
This role is a part of Cyber Security function and helps setting the foundation for successful management of ISMS program and Cyber risk at Vodafone. The roles is to lead the process of ICFR/Cybersecurity Baseline and General IT Controls testing for Vodafone Qatar Technology in support of Vodafone’s Compliance Programmed for applicable standards and requirements. This involves the alignment of controls with business teams and managing control effectiveness throughout the year alongside continuous improvement of controls design. Thus, provide cyber security assurance for get end-2-end view on how financial reporting, information and cyber security risks can be mitigated with state-of-the-art security technologies and methods in a large, complex, and fast-changing environment Vodafone Qatar.
Responsibilities
- Ensure to implement GRC (governance, risk, and compliance) processes to automate and continuously monitor information security controls, exceptions, risks, and testing. Conduct the ITGC and ICFR Technical Control Testing.
- Provide supervisory technology security assurance, guidance, and support to high profile projects. Ensure privacy and security is embedded in IT System and Network Infrastructure (Mobile, Fixed, Enterprise and Cloud Systems).
- Work with Internal Control and other teams to provide seamless end-2-end coverage of in-scope IT processes and systems with controls and as support Vodafone’s external auditors in the ICFR Compliance and act as Statutory Audit as single point of contact for Technology function.
- Ensure compliance with Legal and Regulatory requirements Provide SME input to Technology Security Policy requirements and procedures.
- Responsible for support all technology security and risk management processes are optimised for maximum efficiency in line with Cyber Security Baseline controls.
- Provide regular progress and status reports to senior management and escalate issues as required. Performs related tasks consistent with skills and abilities and general responsibilities as assigned by the Line Manager.
Qualifications
CISA, CISSP, ISO 27001 or CCSP certification
- Bachelor’s degree in Technology
- 4- 5 years of relevant experience in Technical Delivery / IT Compliance / Assurance / Audit, and Risk Assessment in Telecom sector.
- In-depth knowledge and experience of cyber security controls and frameworks such as ISO 27001, NIA, Qatar 2022 Framework.
- Knowledge and exposure of fixed and /or mobile network technologies and security controls is (desirable) and will be a plus.
- Experienced in defining security policies, procedures, and requirements. Able to performs and investigates internal and external information security risk and exceptions assessments
- Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard and Cyber Security Controls and frameworks such as ISO 27001, NIA, Qatar2022.