Job Description

Company
QatarEnergy
Department
IT Security
Information Protection
INFORMATION & COMMUNICATION TECHNOLOGY
Primary purpose of job
The objective of this position is to implement and support the information protection and privacy program across
QatarEnergy. Ensure information within QatarEnergy is protected and used appropriately according to identified risks and
regulatory controls. Cover all the required privacy pillars in compliance to local and international privacy laws. Work
independently and as part of a cross functional team to drive the continuous improvement of the information protection and
privacy function.
Experience & Skills

• 10+ years of relevant professional experience with at least 5 years in an information protection and privacy role in large

ICS & ICT environments preferably from the Energy sector or in Oil & Gas

• General understanding of the information security domains and how different modules interact.
• Practical knowledge in local and international privacy laws, and their boundary to QP, coordination with regulatory

authorities.

• Should have hands-on experience on establishing controls for ensuring compliance with PDPPL, GDPR , other privacy

laws, and data breach notification protocol

• Implement privacy gap assessment and produce/review privacy oriented documentation (policies, procedures,

registrars...etc) based on Qatar PDPPL law and industry good practices around privacy.

• Expertise in implementing privacy security controls from a technological and administrative aspect, and effective use of

each control.

• Evaluate the urgency and severity of privacy risks, and mitigate them with the proper privacy security controls
• Make sure that privacy built by design concept is incorporated into processes and technologies through various

procedures and frameworks.

• Work with cross-functional teams to ensure alignment between data privacy laws, regulations and business imperatives,

including developing practical solutions for complex data privacy-related issues.

• Demonstrated ability to translate regulatory requirements into practical and actionable elements while supporting business

strategy.

• Support the DLP technology implementation such as roadmap, approach, procedures and use cases.
• Integration and maintenance of DLP solution with the SOC and set defined guidelines through a proper incident book

response.

• High level of integrity, maintaining confidentiality and an ability to remain objective in balancing business needs and risk.
• Excellent written and verbal business communication and presentation skills

Education

• Bachelor's in computer science or a related engineering field
• Additional information security certifications are desirable such as CISSP, ISO27001 LI, CIPT, CIPP/E.