QNB2949 - Senior Manager, IT Security Governance and Oversight Business Unit: QNB - Qatar Country: Qatar Closing Date: 02-Mar-2025 About QNB Established in 1964 as the country’s first Qatari-owned commercial bank, QNB Group has steadily grown to become the largest bank in the Middle East and Africa (MEA) region.QNB Group’s presence through its subsidiaries and associate companies extends to more than 31 countries across three continents providing a comprehensive range of advanced products and services. The total number of employees is more than 28,000 serving up to 20 million customers operating through 1,000 locations, with an ATM network of 4,300 machines.QNB has maintained its position as one of the highest rated regional banks from leading credit rating agencies including Standard & Poor’s (A), Moody’s (Aa3) and Fitch (A+). The Bank has also been the recipient of many awards from leading international specialised financial publications.Based on the Group’s consistent strong financial performance and its expanding international presence, QNB currently ranks as the most valuable bank brand in the Middle East and Africa, according to Brand Finance Magazine.QNB Group has an active community support program and sponsors various social, educational and sporting events. Job Purpose Summary: The incumbent will assist the Senior Vice President - IT Security Governance and Oversight to design and implement relevant information security policies to protect the confidentiality, integrity and availability of any information created, acquired or maintained by the Group, and its authorized users, and to assure that the Group complies with statutory and regulatory requirements regarding information access control, as well as industry best practices. - Ensure risk identification, analysis and mitigation activities are integrated into the information security life cycle. - Ensure the use of an integrated risk management approach to create executive level perspectives and status reports regarding all security risks that the bank may encounter; this includes risks in physical security, access and control issues, data security, data privacy and contingency planning. - Reviews standards for changes in legislation and accreditation that affect information security from multiple sources including National Institute Standards and Technology (NIST), Pay Card Industries (PCI), ISO 27001, ISO 22301 and ISO 31000. - Develop project plans, determine priorities for major initiatives, and insures proper implementation of programs and projects. - Ensure the development and implementation of the Group’s information security policies and procedures and ensure timely updating thereof in light of changing circumstances/ best practices/ regulatory directives. - Mitigate risks by creating project plans for specific implementations, identifying resources needed from the Information Technology department. Also, work with the SVP, Cyber Security Technologies and Services to coordinate and schedule actions. - Monitor and report the Key Risk Indicators and compliance of the Group’s information security policies and procedures at the head office, DR site, domestic and international branches and subsidiaries. - Monitor effectiveness of controls against potential threats including hackers, software flaws, viruses, spyware, phishing and self-adaptive computer threats. - Monitor and check the processes for detecting, identifying and analyzing security-related events. - Responsible for assessing the adequacy of security frameworks for existing and new systems. - Initiate, facilitate and promote activities to foster information security awareness within the Group. - Drive the establishment of a formal reporting process, which ensures that the Chief Information Security Officer (CISO) is continually informed of significant information security related issues on a timely basis together with the action being taken to resolve such issues. - Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies. - Develop and information security awareness training programs across the bank and assist in promoting activities to foster information security awareness within the Group. - Research and propose information security products and services to protect and enhance the Group’s network infrastructure. Requirements: - Bachelor’s degree preferably with a Major in Marketing, Banking, Finance, Accounting, Economics, Business Administration or Information Technology (related field of study). - At least 8 years’ experience in a major bank and good knowledge of IT Security controls.  - Excellent oral and written communication skills (including report writing) in English and Arabic. - Good interpersonal and presentation skills. - Understanding of the relevant laws, regulations, and practices. - Ability to make decisions and follow through with initiatives. - Personal integrity and self-management. - Planning, organising, and analytical ability. - Results oriented. - Strong analytical skills and the ability to communicate both verbally and in writing with all levels of management Note: you will be required to attach the following: 1. Resume / CV2. Copy of Passport or QID3. Copy of Education Certificate#J-18808-Ljbffr