17 Identity Access Management jobs in Qatar

Lesha Bank is searching for the greatest talent and brightest minds to contribute to the current growth phase at our bank. We are looking for top-tier individuals who are passionate and hungry to add value from day one. Every day at Lesha is different, presenting a new challenge with the opportunity to contribute and grow. We are looking for an Information Security Officer (ISO).

Role Purpose

The Information Security Officer (ISO) will be responsible for developing, implementing, and overseeing the bank's information security strategy, policies, and controls. The role ensures that the bank's data, systems, applications, and infrastructure are safeguarded against internal and external threats while meeting local regulatory requirements (QCB, QFCRA, NCSA-Q) and international standards (ISO 27001, NIST, GDPR, PCI-DSS as relevant).

Key Responsibilities

Governance & Compliance

• Establish, maintain, and enforce the bank's information security framework, aligned with QCB, QFCRA, and local cybersecurity regulations.
• Ensure compliance with international standards (ISO 27001, NIST CSF, COBIT, PCI-DSS) and conduct regular gap analyses.
• Prepare and present security risk assessments and reports to senior management, regulators, and the Board Risk Committee.
• Design, implement, and enforce security policies and procedures to safeguard the bank's infrastructure and data.

Security Operations

• Oversee Security Operations Center (SOC) activities, incident response, and threat intelligence monitoring.
• Develop and maintain business continuity, disaster recovery, and incident response plans.
• Implement and monitor Data Loss Prevention (DLP), intrusion detection/prevention (IDS/IPS), endpoint protection, and other security tools.
• Lead investigations of security breaches, develop strategies for handling incidents, and ensure lessons learned are integrated into policies and processes.
• Stay current with the latest security systems, standards, and products to ensure optimal protection.
• Regularly evaluate the effectiveness of security measures and update them against emerging threats and industry best practices.
• Conduct regular staff training on security awareness, best practices, and incident procedures.
• Collaborate with IT and business management to continuously improve security controls and culture.

Risk Management

• Conduct enterprise-wide risk assessments on systems, applications, vendors, and third-party service providers.
• Identify vulnerabilities and ensure timely remediation through patch management and secure configurations.
• Work with IT and business units to integrate security into new product initiatives.

Vendor & Technology Oversight

• Evaluate and approve technology vendors, outsourcing partners, and cloud solutions for compliance with security standards.
• Manage penetration tests, vulnerability assessments, and external audits.

Requirements:

• Bachelor's degree in information security, Computer Science, or related field. Master's degree preferred.
• Professional certifications: CISSP or CISM required; CISA and ISO 27001 Lead Implementer preferred.
• Cloud security certifications (e.g., CCSP, AWS Security) are a plus.
• 8–12 years in information security, with at least 5 years in the financial-services sector.
• Strong background in banking systems, digital channels, payment systems, and regulatory environments.
• Proven experience engaging with regulators (QCB, QFCRA, CMA, or equivalent).
• Proven experience in implementing SEIM Solutions, managing SOC Team.
• Expertise in cybersecurity frameworks, network security, cryptography, and identity & access management.
• Strong risk management and analytical skills.
• Excellent communication and stakeholder-management skills, capable of engaging effectively with regulators, auditors, and the Board.
• Ability to influence across departments, build a culture of security, and lead change initiatives without direct authority

The Information Security Engineer will focus on ensuring the organization's applications and data is secure and built according to best security standards. This role will be the subject matter expert on building secure code, application security, vulnerability testing, and providing security validation to the organization's environments.
Key Roles & Responsibilities

• Perform scheduled penetration testing of the company's applications
• Perform white, gray and black box security assessments.
• Support the organization, JVs and Subsidiaries in implementing Secure Software development lifecycle.
• Perform Mobile Services security Assessments.
• Support the organizations' environment monitoring by using available tools or help build internal tools to enable advanced threat detection and response.
• Conduct Security Vulnerability Assessments and impact assessment on company's electronic assets.
• Perform Security Assessments on ERP and other on-premise solutions.

Requirements
Skills, Knowledge and Behaviors:

• Ability to lead direct and indirect resources
• Ability to communicate technical challenges to non-technical audiences
• Ability to quantify risk and impact vectors
• Certified Ethical Hacker
• OCSP level of technical expertise
• Strong Scripting capability
• Strong ISO 27000 understanding
• Strong Application security background
• Strong Infrastructure security Background
• Strong experience in open source security tools

Qualifications & Experience

• Security Certification focusing on offensive or defensive practices
• Bachelor's degree in Information Security or Computer Engineering
• 10 + years in cybersecurity field
• System, network and/or application background

Preferred Experience

• Product development experience

Our company is currently in need of an Information Security Specialist to join our team with the following skills and qualifications:

· Bachelor's degree in Information Technology or Cyber Security

· Professional Certifications Required + CompTIA Security: or CEH.

· Desired Advanced Certifications: CISSP or CISM

· At least 5 years of practical experience in the field of information security and cyber security.

· Experience working with systems Firewalls, DLP, EDR, SIEM

· Proficiency in Arabic and English (writing and speaking)

Note: Candidate must be in Qatar with transferable work visa

Basic Duties and Responsibilities:

· Develop and implement the center's cybersecurity policies and procedures.

· Managing security systems such as IDS/IPS, Firewalls, and Endpoint Protection (EDR) software

· Monitor security activities, analyze alerts, and respond to incidents

· Conduct periodic assessment of risks and security vulnerabilities

· Manage and monitor access rights and protect sensitive accounts

· Preparing monthly cybersecurity status reports (KPIs).

· Participate in Business Continuity Plans and Disaster Recovery Plans (BCP/DR).

· Educating employees about best security practices (periodic training)

Please direct copy of your latest CV to and write the position you are eligible for in the subject line.

Job Type: Full-time

Pay: QAR4, QAR5,000.00 per month

About Us:

Forvis Mazars LLC is a firm registered under Qatar Financial Center in Qatar with License Registration No established on 26 February 2019. However, we have been operating in the Qatari market for 40+ years under our sister entity, Mazars Consultants Auditors and Partners, established under Ministry of Commerce and Industry.

We have been the firm of choice by the local market with a strong foothold in the State by being in the industry for more than 40 years.

Forvis Mazars LLC is a fully Integrated partner with Forvis Mazars group with access to all global resources and expertise.

Forvis Mazars in Qatar has been operating and serving the Qatari market with a wide range of experience in auditing, taxation, consulting and financial advisory services. The partners and professional team have international and diversified experience and have a thorough knowledge of the market.

Responsibilities:

• Develop and implement cybersecurity strategies and controls.

• Administer firewalls, IDS/IPS, EDR, and DLP systems.

• Conduct vulnerability assessments and incident monitoring.

• Manage identity and access controls.

• Contribute to Business Continuity (BCP) and Disaster Recovery (DR) planning.

Requirements:

• Bachelor's degree in IT/Cybersecurity, CompTIA Security+ or CEH, CISM/CISSP preferred,

• 5+ years' experience.

• Advanced communication skills

• Leadership skill

• Fluent in English and Arabic (Speaking, reading and writing)

Ready to join with short notice

Benefits:

Attractive salary and benefits.

Qualifications:

• Bachelor's degree in Information Technology or Cybersecurity.

• Professional certifications such as CompTIA Security+ or CEH.

• Additional certifications such as CISSP or CISM are an advantage.

• Minimum of three years' experience in Information Security or

Cybersecurity.

• Experience with security tools such as Firewalls, DLP, EDR, and SIEM.

• Proficiency in Arabic and English (writing and speaking).

Responsibilities:

• Develop and implement cybersecurity policies and procedures for the center.

• Manage security systems such as Firewalls, IDS/IPS, and endpoint protection systems

(EDR).

• Monitor security systems, analyze alerts, and respond to incidents and threats.

• Conduct periodic assessments of risks and technical vulnerabilities.

• Manage user access permissions and protect sensitive accounts.

• Prepare periodic reports on the security status and key performance indicators (KPIs).

• Participate in business continuity and disaster recovery planning (BCP/DR).

• Raise employee awareness of best cybersecurity practices (through periodic training).

Job Type: Full-time

Job Description

ECCO Gulf Majorel Qatar is seeking an experienced Information Security Specialist to join our dynamic IT team in Qatar. As an integral part of our organization, you will be responsible for safeguarding our information systems and ensuring the confidentiality, integrity, and availability of our data. Your expertise will help us maintain a robust security posture in the ever-evolving landscape of information technology.

• Develop, implement, and continuously improve cybersecurity policies, procedures, and controls across the organization.
• Manage security systems such as firewalls, IDS/IPS, and endpoint protection software (EDR).
• Monitor security incidents, perform detailed analysis, and coordinate effective response to breaches.
• Conduct regular vulnerability assessments and threat identification.
• Manage and monitor access controls and protect privileged accounts.
• Prepare comprehensive monthly cybersecurity performance reports, incorporating key performance indicators (KPIs).
• Participate in business continuity planning and disaster recovery (BCP/DR).
• Conduct employee awareness and cybersecurity best practices training.

Required Profile

We are looking for a dedicated professional with a strong background in information security. The ideal candidate will possess the following skills and qualifications:

• B.Sc. Degree in Computer Science, Information Technology, or a related field.
• Minimum of 6 years of experience in information security or cybersecurity or a related field.
• CompTIA Security+ or CEH certification is Mandatory.
• Proficiency in both Arabic and English (written and spoken) is required.
• Relevant certifications such as CISSP, CISM, Preferred.
• Strong knowledge of security protocols, cryptography, and risk management.
• Experience working with security systems such as SIEM, EDR, DLP, and firewalls.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills and the ability to work collaboratively with cross-functional teams.

Responsibilities:

• Implement real-time oversight of security systems, including firewalls, IDS/IPS, EDR, XDR, WAF, SIEM, and email gateways, to promptly detect and mitigate threats in both on-premises and cloud environments.
• Conduct regular vulnerability scans and risk assessments to identify security gaps, ensuring timely remediation in both on-premises and cloud environments and enhancement of the security framework.
• Establish and execute a comprehensive incident response plan for security breaches, encompassing investigation, containment, recovery, and post-incident analysis using SIEM and EDR/XDR tools.
• Formulate and enforce security policies aligned with industry standards (e.g., ISO 27001, NIST, QCERT and NIA) to ensure compliance and enhance overall security.
• Implement ongoing security training and awareness programs to educate employees on best practices and emerging threats, fostering a security-conscious culture.
• Establish robust access controls to limit data exposure based on user roles, ensuring only authorized personnel can access sensitive information.
• Integrate threat intelligence feeds to stay updated on emerging threats and vulnerabilities, enhancing proactive defense measures.
• Conduct periodic security audits and penetration testing to evaluate the effectiveness of security measures and identify areas for improvement.
• Prepare and submit regular compliance reports to management, highlighting adherence to security policies, incident responses, and ongoing security initiatives.

Qualifications:

• 3-5+ years of experience in the following:
• Network and System Security devices and tools.
• Infrastructure Services Governance.
• Vulnerability scanning and assessments.
• Security incident response management.
• Enforcing industry security policy standards and frameworks.
• Configuring and integrating threat intelligence feeds.
• Writing security reports, policies, and procedures.
• Conducting penetration testing and audits.

Job Type: Full-time

Location

Doha, Qatar

Experience

Job Type

Recruitment

Job Description

Information Security

Information Security Responsibilities

• Primary responsible for planning, coordinating, and organizing Information Security activities.
• Enforce and monitor the implementation and compliance with IT Information Security Policy.
• Develop and manage the implementation of Information Security Policies and Procedures.
• Ensure Risk Assessments are conducted on all information systems such as people, process, technology, and information processing facilities.
• Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.
• Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.
• Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.
• Supervise other related assurance functions, as necessary.
• Ensure the compliance of Information Security Policies in the organization.
• Develop and ensure implementation of Information Security procedures.
• Develop and ensure implementation of incident handling and reporting.
• Follow-up, escalate, and report the resolution of Information Security issues identified during security assessments, penetration tests, and audits.
• Develop, implement, and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP)/IT Service Contingency Plan.
• Conduct and coordinate Information Security awareness and orientation programs.
• Responsible for conducting Committee meetings.

Security Incident Management

• Incident Management:
  
  Establish a formal procedure for internally reporting and tracking security incidents. Ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents.
• Incident Handling:
  
  Participate and/or oversee the investigation and management of information security events and policy violations and track them to conclusion.
• Incident Notification and Reporting:
  
  Follow policy for the notification and reporting of incidents immediately upon discovery.
• Corrective/Preventive Actions:
  
  Develop and document corrective action plans and implement preventive actions to mitigate recurrence.

Problem Management

• Analyze a security incident to detect an underlying problem that exists or is likely to exist.
• Categorize and prioritize the problem based on the frequency, severity, and impact of the incident.
• Investigate and diagnose the root cause of the problem.
• Test and apply temporary workarounds.
• Document the known error record.

Risk Management

• Risk Management Program:
  
  Create a formal process to address risk through the coordination and control of activities regarding each risk.
• Risk Assessment:
  
  Conduct formal vulnerability assessments of the environment on a regular basis.
• Risk Mitigation:
  
  Create a formal process to mitigate vulnerabilities and more.

Qualifications

Experience

• 8+ years in IT work experience
• 5+ years in a similar role

Education

• Bachelor of Engineering
• Or Bachelor of IT
• Or Bachelor of Computer Science

Certifications

• CRISC – Certified in Risk and Information Systems Control
• Or ISO/IEC 27001 Lead Implementer or Lead Auditor
• Or CISSP – Certified Information Systems Security Professional

Required Skillset

• Expertise in implementation of security frameworks such as NIST, ISO/IEC 27001, and other local regulations and frameworks.
• Expertise in compliance requirements like GDPR, HIPAA, PCI DSS, SOX, and other relevant laws and regulations.
• Expertise in conducting risk assessments, identifying security risks, evaluating impact, and implementing mitigation strategies.
• Expertise in developing policies, procedures, and processes.
• Expertise in creating and managing security awareness and training programs to educate employees on cybersecurity threats and best practices.

Job Purpose

• Responsible to support Information Security Governance, Risk and Control
• activities. Assist in all information security activities in order to protect the
• organization's information technology assets from cyber-attacks.
• Function Information Technology

Key Responsibilities

• Supporting and maintaining the required Information Security policies, procedures, guidelines, registers and relevant documentations for the GRC activities.
• Obtain, review, and prepare periodic review reports such as User
• Access Management reports for Audit, GRC and other government
• regulatory compliance activities.
• Coordinate, conduct and participate in all related Audits includingISMS, MPTO, Internal and External.
• Maintain overall ISMS related documentation with appropriate versioning and tracking changes
• Coordinate Information Security and Privacy Management related
• Meetings
• Train and support the internal teams and staffs on activities related to information security compliance and personal information and privacy management
• Ensure all approved policies related to Information Security are applied and maintained in an effective and efficient manner
• Coordinate with relevant Teams and external MSPs on incidence response activities
• Support staffs on minor troubleshooting activities related to information security Create / Translate relevant documentations and contents in Arabic for
• wider circulation Coordinate, communicate effectively and maintain cordial relationship with internal and external departments of Qatar Post with respect to information security activities

Knowledge / Skills Required

• University Degree related to Information Technology or similar

Qualification

• Good knowledge in Arabic both written and spoken
• Preferably certifications in Information Security such as CISA, CISM,
• MCSE
• Preferably certifications in ISO27001:2013 Lead Implementer
• 3+ years of experience in information security or information
• technology processing facilities