Head of Centre IT Quality Assurance

Oman Investment Authority

Key Roles and Responsibilities:

Policies & Processes

Ensure the effective implementation, maintenance, and periodic review of all IT policies, standards, and procedures, ensuring full compliance with internal governance frameworks and external regulatory requirements.

Main Responsibilities:

• Ensure the effective implementation, maintenance, and periodic review of all IT policies, procedures, standards, and controls, ensuring full alignment with internal governance frameworks and external regulatory requirements.
• Establish, maintain, and continuously enhance IT Quality Assurance and control processes in line with recognized frameworks such as ITIL, COBIT, ISO/IEC 27001, and applicable regulatory requirements.
• Monitor and evaluate compliance with Information Security policies issued by the Risk & Compliance Department, ensuring consistent application across all IT activities.
• Perform technical oversight of compliance with cybersecurity standards across IT projects, including data protection, incident response, and access control mechanisms.
• Verify the consistency and alignment of approved IT procedures, processes, manuals, and standards, and assess the level of adherence across the IT Division.
• Monitor the implementation of Information Security controls, IT risk mitigation measures, internal audits, regulatory reviews, and compliance assessments regularly.
• Ensure that all IT activities comply with internal policies and external regulatory obligations, including directives issued by regulators and oversight bodies.
• Coordinate and manage internal and external IT audits, information security audits, and regulatory reviews, ensuring:
• Timely provision of required evidence
• Effective coordination with stakeholders
• Tracking and closure of audit observations and findings
• Act as the primary liaison between IT, Risk & Compliance, and Information Security to ensure alignment across quality, risk, and compliance initiatives.
• Develop and maintain processes for documenting, tracking, and resolving quality-related issues, supporting continuous improvement in performance and user satisfaction.
• Provide independent assurance, in alignment with the Business Impact Analysis (BIA) issued by Risk & Compliance, to confirm that:
• All critical IT systems and supporting infrastructure are identified
• Required resources are available and fit for purpose
• Approved Business Continuity (BCP) and Disaster Recovery (DR) requirements are met
• Perform periodic readiness validation, identify gaps, and issue formal reports with recommendations.
• Verify that the design and implementation of security architecture comply with Information Security requirements, including Multi-layered defense models, Firewalls, Intrusion detection and prevention systems, and Encryption technologies.
• Ensure the readiness and effectiveness of incident response plans for security breaches and cyber incidents, in accordance with Risk & Compliance guidelines, to minimize operational impact.
• Ensure compliance with data protection controls to safeguard the confidentiality, integrity, and availability of sensitive and personal data.
• Oversee IT project contracts and vendor management, ensuring compliance with contractual terms, service levels, and delivery obligations.
• Review and evaluate IT budget utilization, ensuring adherence to approved financial controls and identifying cost optimization opportunities.
• Monitor and control IT OPEX and CAPEX, ensuring financial discipline, budget alignment, and value realization.
• Provide financial insights and analysis to support strategic IT investment decisions and long-term planning.
• Ensure that IT policies, practices, and control frameworks are aligned with MCD s long-term digital transformation objectives.
• Identify opportunities to improve IT processes, proposing enhancements that strengthen efficiency, resilience, governance, and innovation.
• Support IT projects by providing quality, risk, and compliance guidance, ensuring adherence to security and governance requirements throughout the project lifecycle.

Reports:

• Prepare and publish weekly, monthly, and quarterly IT Quality Assurance and performance dashboards, covering
• KPIs, SLAs, OLAs, Audit & compliance status, Risk indicators, and Process adherence and maturity levels.
• Monitor IT service performance and recommend improvements to stability, availability, resilience, and user experience.