81 Head Of Information Security Governance jobs in Qatar

• This role is designed for a professional deeply committed to safeguarding sensitive personal data and ensuring compliance with global and regional data protection regulations (e.g., GDPR, CCPA, Qatar PDPPL). You will lead efforts to identify, classify, and protect PII across the organization while embedding privacy-by-design principles into business processes. Your responsibilities will span data lifecycle governance, third-party risk management, regulatory compliance, and incident response, ensuring that all data processing activities align with legal and ethical standards.
• This position requires a strategic thinker who can balance technical controls with regulatory requirements, collaborate cross-functionally to mitigate risks, and foster a culture of data privacy

KEY RESPONSIBILITIES

1. Data Governance & Compliance

Data Lifecycle Governance :

• Design and implement end-to-end data lifecycle policies to govern data from creation / collection to archival and secure deletion, ensuring compliance with legal, regulatory, and business requirements.
• Define retention schedules, archival protocols, and secure disposal methods for sensitive data (e.g., PII, financial records) in collaboration with legal and IT teams.

Data Classification

• Develop / Enhance Data Classification Frameworks : Design and implement a tiered classification system (e.g., Public, Internal, Restricted, Confidential) to categorize data based on sensitivity, regulatory requirements, and business impact.
• Define Classification Standards : Establish clear criteria for labeling data types (e.g., PII, financial records, intellectual property) and enforce metadata tagging for traceability.

Regulatory Compliance :

• Ensure adherence to GDPR, CCPA, Qatar PDPPL, and other applicable laws by implementing consent management frameworks, data subject rights workflows, and breach notification protocols.

2. Technical Safeguards & Risk Mitigation

Data Protection Controls :

• Implement encryption, tokenization, and pseudonymization for PII at rest and in transit.
• Deploy Data Loss Prevention (DLP) tools to monitor and restrict unauthorized data transfers.

3. Third-Party & Vendor Oversight

• Assess third-party vendors for compliance with data protection obligations through questionnaires, audits, and contractual reviews.

Data Processing Agreements (DPAs) :

• Draft and enforce DPAs to ensure vendors adhere to organizational privacy standards and regulatory mandates.

TECHNICAL REQUIREMENTS

• Expertise in data protection technologies : DLP, encryption (AES-256, TLS), and anonymization tools.
• Proficiency with compliance platforms : OneTrust, TrustArc, or similar for PIAs and consent management.
• Familiarity with cloud security (AWS / Azure / GCP IAM, storage ACLs) and data residency requirements.
• Knowledge of privacy-enhancing technologies (PETs) such as differential privacy or homomorphic encryption.
• Experience with incident response tools for breach detection and analysis.
• Basic scripting skills (Python, SQL) for data mapping and workflow automation.

CERTIFICATIONS

• Required : CIPP (Certified Information Privacy Professional) or CIPM (Certified Information Privacy Manager).
• Preferred : ISO 27001 Lead Implementer, CDPSE (Certified Data Privacy Solutions Engineer).
• Advantageous : Cloud-specific certifications.

REQUIRED EXPERIENCE

• 3+ years in data protection, privacy compliance, or PII governance roles.
• Demonstrated experience conducting PIAs, managing DSARs, and responding to data breaches.
• Proven track record in implementing GDPR / CCPA / Qatar PDPPL requirements within complex organizations.
• Familiarity with third-party risk management frameworks and contract negotiation.

IDEAL CANDIDATE PROFILE

You are a detail-oriented professional with a deep understanding of global privacy regulations and the technical acumen to translate legal requirements into actionable controls. You thrive in collaborative environments, excel at simplifying complex privacy concepts for non-technical stakeholders, and are passionate about fostering a privacy-first culture. Your ability to balance proactive risk mitigation with operational efficiency will be critical in protecting the organization’s reputation and maintaining stakeholder trust.

• Skillset Required : Proactive, Loss Prevention, Iso 27001, Devops, Azure, Policy Development, Information Security, Compliance, Intellect, Python, Data Handling, Workflow, Iam, Excel, Triggers, Detail-oriented, Sql, Design Principles, Trends

TAX Risk Management Consultant

Job Summary:

The Risk Management Function plays a critical role in safeguarding the integrity and efficiency of the system. This position is responsible for leading the development and implementation of a comprehensive risk management framework in TAX Authority, with a specific focus on the unique challenges and opportunities present in GCC region. The ideal candidate possesses in-depth knowledge of regional TAX laws, regulations, and business practices, coupled with a strong understanding of risk assessment methodologies and control strategies, who will look after organizational risk, financial risk, operational risk, reputational, cyber risk etc.

Key Responsibilities:

* Risk Assessment and Analysis:

• Conduct comprehensive risk assessments to identify, analyze, and prioritize potential risks across all the tax entity functions
• Develop and maintain a risk register, documenting identified risks, their potential impact, likelihood of occurrence, and mitigation strategies.
• Utilize data analytics and other tools to monitor and evaluate the effectiveness of risk mitigation efforts.

* Risk Management Framework Development:

• Develop and implement a risk management framework tailored to the specific needs and characteristics of the GCC region.
• Establish clear risk appetite and tolerance levels in alignment with the entity 's strategic objectives and regulatory requirements.
• Define roles and responsibilities for risk management across the entity, ensuring accountability and ownership at all levels.
• Develop and deliver training programs to enhance risk awareness and understanding among the entity employees.

* Control Design and Implementation:

• Design and implement effective internal controls to mitigate identified risks and ensure compliance with tax laws and regulations.
• Collaborate with relevant stakeholders to integrate risk management considerations into business processes and decision-making.
• Experience with integration with external entities that feed into the risk model
• Regularly review and update control procedures to adapt to evolving risks and regulatory changes.

* Compliance Monitoring and Reporting:

• Monitor compliance with tax laws and regulations, identifying and addressing any instances of non-compliance.
• Develop and implement a comprehensive reporting system to provide timely and accurate information on risk exposure and mitigation activities.
• Prepare regular reports for senior management and other stakeholders, highlighting key risk areas and recommending appropriate actions.

Qualifications and Experience:

• Bachelor's degree in accounting, Finance, Law, or a related field.
• Master's degree or professional certification in risk management is preferred.
• Experience with statistics or econometrics models.
• 15+ years proven experience in a risk management role within a tax or related organization.
• in-depth knowledge of tax laws, regulations, and business practices in the GCC region.
• Strong understanding of risk assessment methodologies and control strategies.
• Excellent analytical, problem-solving, and decision-making skills.
• Effective communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Fluency in English language, Arabic Language is advantageous.

Are you a seasoned risk professional ready to take your expertise to the next level? We're looking for a Risk Management Consultant with deep knowledge of Enterprise Risk and Business Continuity frameworks to help strengthen our strategic capabilities.

Key Responsibilities

• Support the development and maintenance of the Enterprise Risk Management and Business Continuity Management Frameworks, aligned with international standards and organizational objectives.
• Conduct strategic risk assessments supported by robust control mechanism testing to verify mitigation effectiveness.
• Define and assess strategic risk control mechanisms.
• Assist in the development of Strategic Risk Treatment Plans for high and very high-risk areas, ensuring alignment with business priorities.
• Maintain a timely and accurate Strategic Risk Register, reflecting current risk status, treatment actions, and review dates.
• Develop and monitor Key Risk Indicators (KRIs) for high and very high-risk categories to support early warning systems and proactive management.

Required Qualifications

• Bachelor's degree in Risk Management, Business Administration, Finance, or a related field (Master's degree preferred).
• At least 8 years of relevant experience in Enterprise Risk Management, Business Continuity, or Governance roles.
• Strong knowledge of international risk standards (e.g., ISO 31000, COSO ERM Framework, ISO
• Proven experience in developing and maintaining strategic risk frameworks and registers.
• Skilled in risk assessment methodologies, control testing, and key risk indicator development.
• Strong analytical thinking, reporting, and communication skills.
• Professional certifications such as CRMP, ISO 31000 Certified Risk Manager, CBCI, or IRM Certificate in Risk Management are an advantage.

Job Type: Full-time

Canonical is seeking a Security Risk Management Specialist to lead security risk assessments, modelling, and risk management practices. In security risk management we aim to combine industry best practice with innovation in how we perform security risk assessments and modelling. The security risk management team is the primary owner of the strategy and practices for identifying, tracking, and reducing security risk across Canonical's products, services, and operations.

To support this, we apply industry best practices with threat information to promote risk identification, quantification, impact analysis, and modelling to drive decision making. In this role you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will work within the team and cross-functionally with other teams across the organisation. The team contributes requirements for Canonical product security, improving the resilience of Ubuntu customers and users against cyber threats. The team also collaborates with Organisational Learning and Development to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

• Entry level

• Full-time

• Finance and Sales

• Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Location: Doha, Doha, Qatar

Knowledge & Experience:

 Bachelors Degree preferably in Risk / Business Administration or other governance area e.g. audit, accounting and compliance

At least 6 to 10 years of experience in Risk Management and Insurance

isk Management certification is preferred, but not essential

Computer Skills including Microsoft Office

reation of Policies, Procedures & Work Methods Knowledge

ommunication Skills and gravitas to deal with audience of all levels

eport Writing & Drafting Skills

roblem solving and able to find practical and proportional solutions

ble to work on own initiative and be a self-starter to lead on various initiatives

dministration Skills and time management

Job Types: Full-time, Permanent

Experience:

• Banking domain: 4 years (Required)
• Settlement: 4 years (Required)

BAE Systems Strategic Aerospace Services WLL | Full time

The Information Security Engineer willfocus on ensuring the organization's applications and data is secure and builtaccording to best security standards. This role will be the subject matterexpert on building secure code, application security, vulnerability testing,and providing security validation to the organization's environments.

• Performscheduled penetration testing of the company's applications
  
• Performwhite, gray and black box security assessments.
  
• Supportthe organization, JVs and Subsidiaries in implementing Secure Softwaredevelopment lifecycle.
  
• PerformMobile Services security Assessments.
  
• Supportthe organizations’ environment monitoring by using available tools or helpbuild internal tools to enable advanced threat detection and response.
  
• ConductSecurity Vulnerability Assessments and impact assessment on company’s electronicassets.
  
• PerformSecurity Assessments on ERP and other on-premise solutions.
  
  
  

Skills,Knowledge and Behaviors:

• Ability to lead directand indirect resources
  
• Ability to communicatetechnical challenges to non-technical audiences
  
• Ability to quantify riskand impact vectors
  
• Certified Ethical Hacker
  
• OCSP level of technicalexpertise
  
• Strong Scriptingcapability
  
• Strong Applicationsecurity background
  
• Strong Infrastructuresecurity Background
  
• Strong experience in open source security tools
  

• SecurityCertification focusing on offensive or defensive practices
  
• Bachelor’s degreein Information Security or Computer Engineering
  
• 10 + years incybersecurity field
  
• System, networkand/or application background
  

Information Security Analyst – Umm-Salal, Qatar

We are a company in Umm-Salal, Qatar seeking a skilled and experienced Information Security Analyst to join our team. This is a contract position.

Responsibilities:

• Ensure the security of the company's information systems and data.
• Conduct regular security audits and risk assessments.
• Implement security measures to protect against threats.
• Monitor system activity for suspicious behavior.
• Communicate potential risks and security requirements to relevant departments.

Qualifications:

• Strong background in information security with understanding of current industry standards and best practices.
• Excellent problem-solving skills and the ability to think critically when analyzing risks and vulnerabilities.
• Experience in information security; prior experience required.

Remuneration and benefits:

• Salary: 1400 USD per month
• Accommodation provided

This position does not require English proficiency but does require prior information security experience.

Note: This description reflects the role responsibilities and requirements without unrelated or non-relevant content from other postings.