More stories

  • in

    Operational Technology Consultant (OT Infrastructure): | Almawarid Group

    Employment:

    Full Time

    Configure, test and monitor the ICS infrastructure for company. Support with the development and configuration of use cases. Provide subject matter advice on ICS cybersecurity. Roles: • Understand various industrial control systems and their purpose, application, function, and dependencies on network IP and industrial communications. • Work with control network infrastructure design (network architecture concepts, including topology, protocols, and components) and their relation to IEC 62443 and the Purdue Model. • Run Windows and Linux command line tools to analyze the system looking for high-risk items and basic scripting to automate the running of programs to perform continuous monitoring of various tools. • Operating Systems administration (system administration concepts for Unix/Linux and/or Windows operating systems). • Aware of ICS systems’ security lifecycle. • Better understand information assurance principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation). • Support on incident response and handling. • Map different ICS technologies, attacks, and defenses to various cybersecurity standards.• Ensure that the logging and monitoring requirements of OT systems are determined, documented in policies and distributed to stakeholders. • Establish a process for performing real time log- correlation and integration with threat intelligence processes. • Ensure that encryption controls are applied for ICS laptops, removable media, USB drivers.• Monitor the use of approved removable media and ensure that unauthorized removal of media is detected and media related incidents are recorded, analysed and tracked. • Ensure that network defense controls are implemented on external network gateways and access points. • Ensure that web proxy are implemented to limit connections and access to websites. • Manage the network firewall operations through a centralized firewall rule/ request and approval process. • Establish a DMZ and install the firewalls between the DMZ and internal networks.• Ensure that network security scans are conducted in order to detect rogue devices. • Integrate the NAC solution with enterprise tools/ capabilities such as SIEM, DLP, network forensics and malware protection. • Review and update the NAC rules periodically. • Integrate the wireless network access points with IDS/IPS and NAC. • Configure wireless access on ICS machines to allow access to only authorized wireless networks.

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Knowledge and understanding of risk assessment, mitigation and management methods. • Appropriate data backup and recovery methods and solutions, including testing.• Best practices for incident response and incident management. • Best practice network traffic analysis methods. • Network traffic protocols, methods and management. • Industry standard systems diagnostic tools and fault identification techniques. • The components of a network attack and their relationship to threats and vulnerabilities• Network security architecture concepts including topology, protocols, components, and principles. • Windows and Unix ports and services. • Intrusion detection and prevention system tools and applications. • Network protocols and directory services. • Software related IT security principles and methods. • Basic system, network and OS hardening techniques. • Test procedures, principles and methodologies relevant to developing and integrating cybersecurity capability. • Transmission technologies and jamming techniques that enable and prevent transmission of undesirable information or prevent installed systems from operating correctly and the laws relating to their usage. • Network traffic analysis tools, methodologies and processes. • Web filtering technologies. • Network technologies in IT and ICS/OT environments. • Supervisory control and data acquisition system components. • ICS operating environments and functions. • ICS network architectures and communication protocols. • ICS devices and industrial programming languages. • ICS threat landscape. • threats and vulnerabilities in ICS systems and environments.• intrusion detection methodologies and techniques for detecting ICS intrusions. Qualifications: • Bachelor’s degree in computer science, information technology, or any other engineering field. • 7-15+ years of experience with industrial control systems. • ICS410: ICS/SCADA Security Essentials. • ICS456: Essentials for NERC Critical Infrastructure Protection. • ICS515: ICS Active Defense and Incident Response.• ICS612: ICS Cybersecurity In-Depth. • GICSP, GCIP, GRID

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Data Security protection, classification, and encryption Consultant: | Almawarid Group

    Employment:

    Full Time

    Identify and implement data protection controls and technologies to ensure the protection of the Company information. The consultant is responsible for ensuring the protection of confidential information to authorized personnel by implementing cryptographic controls. He/she evaluates the current cryptographic algorithms and encryption systems and develops new algorithms if required.Role: • Assess the effectiveness of the current data protection controls• Identify and implement mitigation controls / plans for the identified gaps• Assess the practices regarding data collection and data sharing . • Identify, design and implement data protection technologies such as DLP and DRM. • Implement data classification tools and data discovery tools. • Analyze and evaluate the data privacy incidents and report to the concerned team for response and remediation• Ensure the Company compliance with the data protection laws and regulations. Provide recommendations to improve the data protection compliance. • Create security systems / mechanisms that protect against any potential information disclosure or attacks. • Implement security controls to ensure the protection of data from any modification or deletion due to unauthorized access. • Implement new cryptographic algorithms. • Analyze existing encryption systems and cryptographic algorithms to identify weaknesses and vulnerabilities.• Suggest security solutions to eliminate the weaknesses. • Manage, and monitor the implementation of the recommended improvements. • Assist in solving any security issues that may emerge. • Review and analyze all the security incidents to identify the need for cryptographic controls.• Keep up to date with current research and trends for cryptography. • Develop policies, procedures and processes related to privacy and data protection.• Conduct a risk assessment to ensure that appropriate controls are in place to mitigate risk effectively. • Identify and implement technical measures for data protection in line with relevant laws and regulations. • Conduct Privacy Impact Assessments. • Ensure that all third-party services are compliant with data privacy and security requirements.• Liaise with the legal team to ensure the right contractual clauses are defined and embedded into all data processor contracts. • Monitor compliance with GDPR or other applicable data protection laws. • Identify and evaluate the Company data processing activities. • Maintain the records of data processing activities. • Stay updated about the changes in laws and provide recommendations to ensure data privacy compliance.• Act as point of contact with legal and regulatory authorities, and internal teams. • Develop training materials and conducts trainings for employees on best data privacy practices, privacy compliance and the consequences in case of non-compliance

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Understanding of risk assessment, mitigation and management methods. • Relevant cybersecurity aspects of legislative and regulatory requirements, relating to ethics and privacy. • Computer algorithms. • Cybersecurity considerations for database systems. • Installation, integration and optimization of system components. • Human-computer interaction principles. • IT security principles and methods. • Network access, identity and access management. • Operating systems. • Network traffic protocols, methods and management. • Telecommunications concepts relevant to role. • Network security architecture concepts including topology, protocols, components, and principles. • Network systems management principles, models, methods and tools.• Systems security testing and evaluation methods. • How threat intelligence sources collect intelligence. • Network protocols and directory services. • How to use network analysis tools to identify vulnerabilities. • Intrusion detection and prevention system tools and applications. • Network protocols and directory services• Knowledge and understanding of new technologies and solutions from a cybersecurity perspective. • Network components, their operation and appropriate network security controls and methods. • Cybersecurity authentication, authorization and access control methods. • Encryption algorithms, their relative strengths and weaknesses and appropriate selection criteria. • Cryptography and cryptographic key management concepts.• Cybersecurity assessment and authorization processes. • Cybersecurity controls and privacy requirements for the management of risks relating to data. • Low-level computer languages required for role. • Mathematics required for role. • Programming language structures and logic. • Key security management concepts. • National cybersecurity regulations and requirements relevant to the Company. • Encryption methodologies. • Industry standard security models and their effective application. • Confidentiality, integrity and availability requirements.• Knowledge of current and emerging data encryption security features in databases.• Complex data structures. • Implementing enterprise key escrow systems to support data-at-rest encryption.• Confidentiality, integrity and availability principles. • Asset availability, capabilities and limitations. • NCA ECC Standard. • NIST CSF Framework. • The principles of cybersecurity and data privacy.• Data classification standards and methodologies. • Operational impact on an organization due to cybersecurity breaches. • Relevant cybersecurity, ethics and privacy laws, regulations and standards. • Conducting privacy impact assessments. • Privacy enhancing technologies. • Digital evidence seizes and preservation. Qualifications: • Bachelor’s degree in computer science, information technology, or any other related field. • 7-15 years of experience in information security. • A minimum of 5 years of Data Protection or Data Privacy. • Experience conducting audits to ISO 27701, GDPR and HIPAA • CISA, CISM, IAPP, CIPP, or equivalent certifications. • ECES, CISSP, SANS Suite, or equal certifications

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Cyber Governance – Cloud Security Consultant: | Almawarid Group

    Employment:

    Full Time

    Design, deploy and manage the solutions in the cloud environment. Provide guidance on cloud security to identify, detect, analyze and mitigate any threats or vulnerabilities. • Design and develop the cloud security architecture. • Develop and maintain a reference cloud security architecture.• Evaluate the effectiveness of current security architectures and designs with the IT team• Conduct cloud security risk assessments. • Develop and implement secure cloud strategy, policies and procedures. • Identify the company data stored within cloud environments. • Act as a subject matter expert for security cloud architecture. • Build and implement security controls to prevent unauthorized access to, alteration and disclosure of cloud data, software and systems. • Test software systems to ensure the security of the cloud-based platforms. • Assist the Intelligence team in monitoring and responding to cloud security events and incidents. • Develop and conduct awareness sessions on the cloud security.

    Knowledge:• NCA ECC Standard. • NIST CSF Framework.• The principles of cybersecurity and privacy.• Cloud-based knowledge management technologies and concepts. • Cloud service models and effect on incident response. • Cybersecurity incident response in cloud environment. • Network components, security measures and methods. • Cross-platform collaboration and content synchronization. • Virtualization technologies. • Network Infrastructure cybersecurity communication methods, principles and concepts. • IT security solutions (e.g. SIEM, CASB, DLP, MFA etc.) • Cloud security alliance cloud controls matrix • Relevant cybersecurity, ethics and privacy laws, regulations and standardsQualifications: • Bachelor’s degree in computer science, information systems, software engineering, data science, or related field. • 7- 15 years of experience in information security. • 7+ years of experience in cloud security. • Experience working with standard concepts, practices, and procedures of cloud technology and public cloud environments. • CISSP, CISM, CISA, CCSP, CCSK, CompTIA Cloud+, AWS cloud certifications, Azure cloud certification or equal certifications

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Application security Consultant: | Almawarid Group

    Employment:

    Full Time

    The systems security development specialist is responsible for evaluating the security of the software and applications. He/she should be involved in the complete software development lifecycle.• Determine the required security controls. • Assist in software design reviews. • Identify functional and/or performance test cases. • Conduct a risk assessment when a system, software or application undergoes a change. • Conduct secure code reviews. • Identify and implement security mechanisms to resolve issues in software development. • Perform software quality assurance testing. • Implement security measures for solving issues identified during software acceptance phase. • Conduct vulnerability assessment activities prior to deploying the application. • Evaluate and communicate the software testing results with the design team and stakeholders. • Develop documentation for software programming and development, and secure software / system testing and validation. • Develop and implement an application security program across the organization with periodic reviews to assess effectiveness. • Develop secure coding standards and procedures, derived from leading security practices and industry standards, across all platforms. • Develop a process for project risk rating to drive and inform SDLC rigor (e.g. threat modelling), which will be part of the SDLC process. • Conduct security assessments on applications when in staging mode and provide risk assessment report for application owners before deploying them in production.• Define an IT/OT application testing framework where regular reviews and mandatory checkpoints are conducted against defined standards prior to design completion.• Develop a code integrity process where code signing is performed consistently & integrated in SDLC process and code obfuscation is applied wherever applicable. • Conduct security assessments on applications in production. • Review the IT/OT security controls for applications targeted with cyber threats. • Maintain a centralized repository for SDLC processes integrated with regular tracking processes. • Document a list of requirements where all intellectual property and production code are held in escrow. • Develop guidelines to include application security testing and for mobile applications.• Train testers on coding process using security test cases. • Identify and assign personnel responsible for application security. • Develop a process for conducting SAST and DAST activities on all developed applications• Implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and weaknesses in applications before deploying into production. • Develop a platform to allow users to report bugs/issues in the applications. • Implement a WAF to ensure protection of critical and externally facing the company applications. • Ensure WAF logs are captured, archived and integrated to the SIEM solution. • Create and maintain an inventory of all IT/OT applications including criticality and sensitivity ratings, reviewed at least once a year. • Maintain a whitelist of IT/OT applications and application components authorized to be active on a host along with a list of trusted applications from vendors. • Perform periodic scans to detect deviations from the baseline configuration standards.• Develop schedule to periodically review Web Application Firewall (WAF) signatures based on the changes to application use cases and design changes. • Develop training materials and implement training on application hardening relevant to all stakeholders.

    Knowledge: • Network components, their operation and appropriate network security controls and methods. • Cybersecurity and privacy principles as they apply to software development. • Programming language structures and logic. • Interpreted and compiled computer languages. • Critical information systems that were designed with limited technical cybersecurity controls. • Data security standards relating to the sector in which the company operates. • Embedded systems and how cybersecurity controls can be applied to them. • Intrusion detection and prevention system tools and applications. • Complex data structures. • Local and wide area networking principles and concepts including bandwidth management.• Secure configuration management techniques. • Software debugging principles. • Software development models.• Software engineering. • System design tools, methods and techniques, including automated systems analysis and design tools. • Knowledge of web services. • Secure coding techniques. • Software quality assurance process. • Developing software in high-level languages.• Developing software for UNIX or Linux.Qualifications: • Bachelor’s degree in computer science, information systems, or related field. • 10+ years of experience in information security. • 7+ years of experience in security testing of software. • ISTQB certifications, or equal certifications• Bachelor’s degree in computer science, information systems, or related field. • 10+ years of experience in information security. • 7+ years of experience in security testing of software. • ISTQB certifications, or equal

    We are a national group formed on the foundations of social responsibility and building the acquired value with hard work and quality of outputs that contribute to creating a fertile production environment for our esteemed customers so that they can present their work in accordance with standards of balanced performance that ensures continuity and reduces the expected risk. More

  • in

    Microsoft Infrastructure Consultant | Qatar Datamation Systems (QDS)

    Employment:

    Full Time

    As a Microsoft Infrastructure Consultant, you will be responsible to design and develop the infrastructure technical aspects for the deployment for different customer and also work with Microsoft closely.Description: • Act as the infrastructure expert for supporting different customers in the transformation of various services from on-premises solutions to Cloud technologies.• Plan, design, configure and deploy large scale cloud infrastructure on-premises or on Azure for different customers.• Produce end-to-end solution designs, putting together technologies from multiple IT systems and departments across either the application or infrastructure domains.• Must have detailed knowledge and experience of one or more application or infrastructure domains and can clearly document and communicate the domain architecture.• Ensures technical quality and assurance by participating in Governance and Technical Design peer review processes, working closely with customer and internal stakeholders as appropriate.• Oversees coordination of the Solution Manager/Solution Architect, and teams up with other Functional or Technical Architects.• Experience and working knowledge with Microsoft Azure with IaaS & PaaS / Microsoft 365 with Security, including planning, configuration, optimization and deployment. • Strong practical Windows-based systems administration skills in a Cloud or Virtualized environment. • Proficiency in Windows / Active Directory / Exchange / Azure and Microsoft 365 technologies. • Large scale migration experience Data Centre to Data Centre and/or Data Centre to Cloud. • Demonstrated ability to think strategically about business, product, and technical challenges. • Experience planning and developing support processes and adhering to best practices.• Strong written and oral communication skills, and the ability to effectively communicate with technical and non-technical audiences. • Experience managing cloud/data center operations, including governance, monitoring, alerting and notifications.

    Candidate should have relevant experience of deployment/migration/configuration on the below technologies and platforms:• Active Directory• Exchange Server• Microsoft Azure Cloud (IaaS/PaaS)• Microsoft 365 (Office 365/Enterprise Mobility + Security/Windows 10)• System Center Suite• SQL Server

    QDS has strengthened its play and expanded its presence in the regional IT solutions, services and support market by building long-term relationships with customers and principals.

    Since its inception in 1983, QDS has been growing from strength to strength blending the latest of technology with impeccable business acumen and meeting the most challenging requirements of a fastevolving IT landscape through strategic joint ventures, world class vendor alliances, extensive and strategic vertical focus and a well trained and talented workforce of over 150 professionals.

    Today, QDS provides a wide range of fully integrated IT based business solutions that addresses almost the entire market spectrum, spanning various verticals like Banking and Finance, Healthcare, Government, Education, Oil and Gas, Telecommunication and Private sectors backed by high quality customer Support. More

  • in

    Compliance Officer – MLRO – SAMA | Venture Search

    Employment:

    Full Time

    As the compliance officer you will be responsible for assisting in ensuring the overall regulatory compliance as required by global laws and regulations. As the Compliance Officer, you must ensure the Company abides the international AML conventions and the relevant laws and the new payment regulations issued by SAMA. Reporting to the Senior, you will operate independently and work closely with all relevant stakeholders, internationally.Responsibilities:• Be the person in working with internal and external stakeholders for PI/EMI license application in KSA.• Be the Recognized Person to implement the AML policies, procedures, systems and controls and day-to-day oversight of its compliance with the Rules in AML and any relevant anti-money laundering Rules, to meet Regulators’ expectations and to mitigate in-house compliance risks.• Be responsible in AML risk assessment, clients onboarding, payment channels onboarding, ongoing monitoring, AML/fraud-related transactions monitoring, record keeping and staff trainings.• Cooperating with the Financial Intelligence Units and all applicable Regulators in the KSA, including but not limited to routine liaison and any submission of documentation upon regulatory requests.• Assisting in undergoing multiple compliance inspections and enquiries by our globally recognized commercial banks and regulated payment channel partners.• Reporting regularly to the Senior Management on the licensing status and any regulatory compliance matters.• Monitor any changes of regulatory developments that would potentially impact the company and providing timely updates to the relevant functions.• Ensuring the regulatory requirements are promptly implemented to a satisfactory level.• Assisting in ad-hoc compliance reviews.

    • +5 years relevant experience in AML and regulatory compliance, with proven track records in securing regulatory licenses is a strong plus• Proven track records in dealing with SAMA and deep knowledge about the guidelines for PSP in KSA.• Professional qualification(s) is required to demonstrate sufficient knowledge of relevant AML requirements e.g. CAMS• Experience in incorporation of entities with SAMA and application submission for securing PI/EMI licenses.• Strong proficiency in English• Residency in the KSA

    Venture Search is an international banking & financial services search firm, combining technology and human skill to enhance all aspects of the hiring process.
    By combining advanced search technology and a market-leading team, we are able to attract the most talented candidates in the banking and financial services sector.
    Here at Venture Search, we are passionate about building world-class teams and delivering long-term recruitment solutions. Venture’s focus spans multiple facets of the global Financial Services industry, including Banking, Non-Banking Financial Institutions, Buyside, Fintechs, and Advisory firms. More

  • in

    Group CFO – Chief Financial Officer | Guildhall

    Employment:

    Full Time

    Guildhall is looking for a Group CFO to work within one of the most successful groups in Qatar.We require a CFO who is experienced in managing finances for organisations with over 2000 staff across a wide rage of subsidiaries and regions.This is a long term opportunity for the right person with the right background and personality to succeed with this organisations aims for the FIFA World Cup and 2030 Vision for Qatar. We are looking for someone commercially astute.A generous family package is on offer with fights, schooling and vehicle all provided.

    Candidates should be able to demonstrate the following skills and experience:- 20+ years financial management experience- Worked as a CFO for a group of businesses – Experienced in organisations with over 2000 staff- Strong personality and able to build relationships vertically through the business

    Guildhall is the most respected HR & Headhunting Consultancy in the MENA Region.

    With deep, extensive knowledge of HR & Recruiting in the region, Guildhall has become a trusted partner of choice for candidates and clients. Starting from an exclusive recruitment agency in Dubai – UAE, Guildhall has grown into an elite service with the ability to cover vacancies in across MENA and Asia-pacific.

    Offering tailored Career Sessions and an innovative industry-first membership program designed to save money on core services.

    Guildhall is the partner of choice. More

  • in

    Operations Officer | Venture Search

    Employment:

    Full Time

    • You will be responsible for managing the office administration and coordinating with the global admin and finance team for maintaining and proper functioning of the ADGM office.• You will be responsible for facilitating/ attending any customer issues and raising to the concerned team in UAE or the global headquarters.• You will be coordinating with the relevant stakeholders and contributing to the development of weekly and monthly reports and dashboards.• Supporting the team with the review and development of template documents, emails, processes and process maps• Ensuring requests to the team are responded to in an efficient, accurate and timely manner.• You will be responsible to rectify any systems issues locally in UAE and coordinating with the global IT team for providing immediate solutions.• Taking lead on automation of reporting activities including providing user requirements and IT issues any other risk related projects.• Monitoring and approving petty cash payments, including ensuring disbursements are captured.

    • +5 years relevant experience in Operations, Customer complaints in financial services company or Fintech• Familiarity in dealing with ADGM/DIFC/CBUAE and knowledge a bout the local laws in UAE.• Graduate qualification(s) is required to demonstrate sufficient knowledge in IT, systems management, networking.• The role also requires that the candidate is able to collaborate with colleagues across different competences within the organization• Strong proficiency in English• Resident in the UAE and presently based in UAE;

    Venture Search is an international banking & financial services search firm, combining technology and human skill to enhance all aspects of the hiring process.
    By combining advanced search technology and a market-leading team, we are able to attract the most talented candidates in the banking and financial services sector.
    Here at Venture Search, we are passionate about building world-class teams and delivering long-term recruitment solutions. Venture’s focus spans multiple facets of the global Financial Services industry, including Banking, Non-Banking Financial Institutions, Buyside, Fintechs, and Advisory firms. More