IT Security Manager (Qatarization)

About the role

The Manager – IT Security will lead Qatari Diar’s cybersecurity function, overseeing the protection and continuous improvement of the organization’s information assets. This senior position is focused on Qatarization, requiring a Qatari professional to design, implement and enforce security policies in line with local regulations and global standards.

Key responsibilities

• Develop, maintain and enforce enterprise‑wide information security standards and policies.
• Conduct regular risk assessments, identify vulnerabilities and implement mitigation strategies.
• Measure and monitor compliance with legal frameworks such as NCSA, NIA, Qatar’s PDPPL and international best practices.
• Design and maintain security architecture based on ISO/IEC 27001, NIST and CIS controls.
• Direct continuous vulnerability scanning and coordinate periodic penetration testing across infrastructure, cloud environments and applications.
• Partner with IT infrastructure teams to design, test and maintain disaster recovery and business continuity plans.
• Enforce strict authentication, network and system access controls.
• Develop secure configurations for cloud environments, Zero Trust networks, firewalls and endpoint detection and response solutions.
• Lead security awareness campaigns and simulated phishing exercises.
• Head incident response efforts during cyber threats, data breaches or critical vulnerabilities.

Required profile

• Qatari national with a bachelor’s degree in Information Systems, Cyber Security or a related discipline (master’s preferred).
• 10+ years of experience in an IT security environment.
• Professional certifications such as CISSP, CISM and ITIL Foundation are a plus.
• Strong technical proficiency with security‑related hardware and software.

Required skills

• Vulnerability scanning
• Penetration testing
• Cloud security
• Firewalls
• Endpoint detection and response (EDR)
• Zero Trust network design
• ISO/IEC 27001 implementation
• NIST framework application
• CIS controls adoption
• Disaster recovery planning
• Business continuity planning
• Authentication controls
• Network and system access controls
• Security architecture design