Job Description
Roles & Responsibilities
The Information Security Officer is responsible for leading and executing end-to-end security assurance activities across AZF’s technology landscape, including applications, cloud, infrastructure, identity, and third-party environments.
The role ensures security controls are properly designed, implemented, validated, and continuously enforced, including the definition and verification of secure configuration baselines across the enterprise, in alignment with ISMS, NCSA (Qatar NIA/QCSF), ISO 27001, and NIST CSF.
Key Responsibilities
Security Assurance & Risk Management
Lead security assessments, architecture reviews, vulnerability management, and assurance activities.
Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.
Manage the full security lifecycle from risk identification through remediation and validation.
Translate technical findings into business-level risk statements and remediation plans.
Application, Cloud & Infrastructure Security
Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.
Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.
Validate secure architectures, configuration baselines, and cloud-native security controls.
Support secure SDLC and DevSecOps practices, including security testing and release controls.
Configuration Baselines & Continuous Hardening (New)
Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools).
Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements.
Implement automated configuration compliance checks and continuous monitoring mechanisms.
Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes.
Work with engineering and operations teams to enforce hardening standards and remediate deviations.
Architecture, Threat Modeling & Secure Design
Lead security architecture and design reviews across applications, platforms, and integrations.
Conduct threat modeling to identify attack paths, risks, and mitigation strategies.
Ensure alignment with enterprise security architecture and Zero Trust principles.
Third-Party, Data Protection & Resilience
Conduct security assessments of vendors, SaaS providers, and external integrations.
Validate data protection, encryption, and privacy controls for sensitive and regulated data.
Support cyber resilience activities, including OT/ICS security reviews, red team exercises, and incident response simulations.
Governance, Compliance & Reporting
Ensure continuous alignment with regulatory and framework requirements (ISO 27001, NIST CSF, Qatar NIA, QCSF).
Support internal and external audits with defensible, evidence-based controls.
Define and report on security metrics, KPIs, and executive dashboards.
Required Experience & Skills
Arabic speaking preferred.
8+ years of experience in information security assessments and assurance.
Strong expertise in application, API, mobile, and cloud security.
Hands-on experience in penetration testing, vulnerability management, and security architecture reviews.
Practical experience in system hardening, configuration baselines, and security control validation.
Deep understanding of modern attack techniques and identity/authentication mechanisms.
Proven ability to communicate technical risks to business stakeholders.
Preferred Certifications
Desired Candidate Profile