Principal Analyst - Technology Risk - Business Services

  • Full-time
  • Sub Division: Group Information Technology
  • Division: GCOO

Company Description

Now it’s your time to join the #1 bank in the Middle East and one of the most prestigious financial companies in the region. Shaking up the world of banking requires a lot of smarts and skill. We’re looking for the brightest and best to help us reach our goals and we’ll also help you reach yours. Your success is our success as you grow stronger in your career. Join us and leave a legacy of your own, as a pioneer in both the company and the industry.

Job Description

Technology Risk Management Framework:

  • Establish an IT risk management framework to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
  • Ensure adherence to Group Security policies and standards for effective implementation of security controls within GIT.
  • Contribute towards maintenance of the standard technology risk and control library.
  • Implement the cyber risk assessment model and analysis approaches.
  • Understand how cyber risk fits into overall Technology Risk Management and ensure integration.
  • Identify, agree and manage various assurance initiatives and internal reviews across GIT.

Cloud Management

  • Ensure due diligence of cloud service providers and oversee ongoing security assessments of cloud service providers.
  • Evaluate cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
  • Ensure cloud service provider contracts comply with Group policies/processes and that relevant controls are considered in the contracts with cloud service providers.
  • Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
  • Support and maintain risk assessment capabilities to review and assess digital business models end to end.
  • Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience.
  • Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
  • Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions.

DevOps/DevSecOps/Agile Practices

  • Provide inputs to development and maintenance of policies, frameworks, methods and standards for the DevOps and agile practices.
  • Work with technology teams to embed automated controls across delivery pipeline. Collaborate with service teams to ensure CI/CD pipeline delivers faster time-to-market for the product and positive customer experience.
  • Monitor and support integration and standardization of related development methodologies across Technology service lines.
  • Facilitate the “shift to the left” approach of moving a task to an earlier stage in the development cycle to ensure the risk and security standards are met from the beginning.
  • Advocate adoption of continuous feedback loop mechanisms and ensure team members are regularly prompted to improve the development and maintenance of the solutions.
  • Coach agile teams in the methodology and ensure training is provided to employees on the agile practices.
  • Evaluate possible bottlenecks of running the application in production and suggest service improvement plans.
  • Ensure compliance and security best practices are incorporated throughout the development process.

Technology Risk Identification & Assessments:

  • Ensure timely identification and assessment of IT risks throughout software development / acquisition lifecycle.
  • Ensure IT risks are managed as per the agreed IT risk appetite, tolerance levels and in accordance with remediation plans and target dates defined in alignment with Group Policies.
  • Support and help technology teams on various risk and control assessments activities.
  • Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
  • Work with technology teams to ensure implementation of comprehensive solutions to protect organization information assets.
  • Manage periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
  • Periodically identify the risks that might compromise cyber security.
  • Analyze the severity of each risk by assessing likelihood and impact. Agree with stakeholders on the residual risk ratings and potential risk exposure.
  • Qualify/quantify exposures and vulnerabilities on a big-picture scale to create a thorough understanding of the risk environment.

Technology Risk Treatment & Review:

  • Oversee development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
  • Engage with various IT teams to review risk profile, risk treatment strategies and action plans.
  • Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in closure of risks/issues.
  • Regularly review current risk measures and ensure implementation of adaptive approach to manage evolving cyber risks.

Technology Risk Monitoring & Reporting:

  • Identify and define Key Risk Indicators (KRI) to monitor high risk areas.
  • Deliver periodic risk profile reports and KRI reports to senior management.
  • Review major incident reports and ensure proper risk/control measures are identified to prevent incident recurrence.
  • Manage Technology risk committee meetings and ensure closure of action items.

Qualifications

Knowledge & Experience:

  • 10 or more years of working experience in IT Security, Risk and Governance practices.
  • 3+ years of experience working in a leadership role in IT Security, Risk and Governance.
  • Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
  • Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.
  • Demonstrated experience in conducting technical risk assessments for various Cloud platforms.
  • Good understanding of process models and industry standards relating to IT Security, Risk and Governance.
  • Good understanding of security and risk management in financial institutions.
  • Excellent knowledge of all aspects of technology (infrastructure, operations, security, development, change/transformation, support, innovation, vendor management etc.) and of banking related processes, especially risk management. Should have demonstrable experience of working in many of these domains.
  • Strong analytical capabilities and knowledge of related tools and processes. Proven ability to handle large volumes of detail and summarize effectively.
  • Good understanding of banking related environments – especially around high availability, data confidentiality, security etc.
  • Evidence of influencing senior stakeholders and dealing with external auditors and regulators.
  • Excellent interpersonal skills and good oral and written communication skills.
  • Achievement of industry-recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
  • Achievement of AWS and Azure cloud certifications is preferable.

Skills:

  • Relationship management
  • Influencing skills
  • Big picture thinker with attention to details
  • Strong change and communication skills
  • Strong analysis skills
  • Strong interpersonal skills
  • Resource (time and people) management skills