Job Description

About the Role

The IT Security, Infrastructure & Technology Risk Manager is responsible for the secure, reliable and efficient operation of the organisation's technology environment, including infrastructure, cybersecurity, cloud platforms, business continuity and technology risk management.

The role will lead the day-to-day management of IT infrastructure and cybersecurity operations whilst supporting the organisation's regulatory obligations under Qatar Central Bank (QCB) requirements. Working closely with the Head of IT, Compliance, Risk Management and Internal Audit functions, the role will help ensure appropriate governance, security controls, regulatory compliance and operational resilience across the organisation.

Key Responsibilities

IT Infrastructure & Operations

• Manage the organisation's network, server, storage and cloud infrastructure environments.
• Ensure the availability, performance and security of all technology services.
• Oversee system upgrades, patch management and infrastructure lifecycle planning.
• Manage secure connectivity across all offices, remote users and third-party platforms.

Cybersecurity & Information Security

• Lead the operational implementation of the organisation's cybersecurity framework.
• Monitor cyber threats, vulnerabilities and security incidents.
• Manage firewalls, endpoint protection, identity management and access controls.
• Coordinate security assessments, penetration testing and remediation activities.
• Maintain information security policies, standards and procedures.
• Act as the primary operational lead supporting the organisation's Chief Information Security Officer (CISO) responsibilities where applicable.

Governance, Risk & Compliance (GRC)

• Support the implementation of technology governance and risk management frameworks.
• Coordinate technology-related regulatory requirements and audit activities.
• Maintain IT risk registers and monitor remediation actions.
• Work closely with Compliance and Risk functions to ensure ongoing regulatory adherence.
• Support internal and external audits relating to cybersecurity and technology controls.

Business Continuity & Operational Resilience

• Maintain disaster recovery and business continuity plans.
• Coordinate periodic testing and resilience exercises.
• Ensure backup and recovery solutions meet business requirements.
• Support cyber incident response and operational recovery activities.

Data Protection & Privacy Support

• Support the implementation of data protection controls and information handling requirements.
• Work alongside the designated Data Privacy Officer to ensure technology controls align with privacy obligations.
• Assist with data classification, retention and protection requirements.
• Support investigations relating to data security incidents and breaches.

Vendor & Third-Party Risk Management

• Manage relationships with technology suppliers and service providers.
• Conduct technology and cybersecurity due diligence reviews.
• Monitor third-party compliance with contractual and security requirements.
• Support procurement and vendor governance activities.

Leadership & Stakeholder Management

• Lead and develop the IT Security and Infrastructure team.
• Provide regular reporting to the Head of IT and senior management.
• Collaborate with Compliance, Risk, Internal Audit and business stakeholders.
• Promote a strong culture of cybersecurity awareness and operational excellence.

Education & Qualifications

Education

• Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, Information Systems, Computer Engineering or a related discipline.
• Master's Degree in Information Security, Cybersecurity, Technology Management or Business Administration (MBA) would be advantageous.

Professional Qualifications & Certifications (Preferred)

One or more of the following professional certifications is preferred:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• ISO 27001 Lead Implementer or Lead Auditor
• Certified Ethical Hacker (CEH)
• CompTIA Security+
• Microsoft Certified: Azure Security Engineer Associate
• Cisco Certified Network Professional (CCNP)
• ITIL Foundation or ITIL 4 Managing Professional

Experience

• Minimum 7–10 years' experience in IT Infrastructure, Cybersecurity and Technology Operations.
• Minimum 3 years' experience in a leadership or management role.
• Experience within insurance, banking, financial services or other regulated environments preferred.
• Strong understanding of information security frameworks, technology risk management and regulatory compliance requirements.
• Hands-on experience managing enterprise networks, cloud platforms, cybersecurity controls and business continuity programmes.
• Experience supporting internal and external audits, technology governance and regulatory reviews.

Core Competencies

• IT Infrastructure & Operations Management
• Cybersecurity & Information Security
• Technology Risk Management
• Governance, Risk & Compliance (GRC)
• Cloud Technologies (Microsoft Azure / Microsoft 365)
• Business Continuity & Disaster Recovery
• Vendor & Third-Party Risk Management
• Regulatory Compliance & Audit Coordination
• Leadership & Team Development
• Stakeholder Management & Communication