AVP, IT Risk Planning & Oversight Full-time Job2 months ago - Banking - Abu Dhabi - 1K views
The selected candidate will assist Head of IT Governance & Controls to roll out IT Governance framework, policies and processes across international locations. The candidate will be responsible to understand local regulations and recommend changes where required. The jobholder will also be responsible to manage various reviews & audits for IT Governance/Management/Operations.
Technology Risk Management Framework:
- Establish IT risk management framework to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
- Work with Group Security Officer to ensure the implementation of security controls within GIT
- Maintain standard technology risk and control library.
- Define and implement the cyber risk assessment model and analysis approaches.
- Ensure adoption of agile practices to effectively manage cyber risks.
- Understand how cyber risk fits into overall Technology Risk Management and ensure integration.
- Identify, agree and manage various assurance initiatives and internal reviews across GIT
- Ensure due diligence of cloud service providers and oversee ongoing cloud service providers security assessments.
- Evaluate cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.
- Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
- Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions.
Technology Risk Identification & Assessments:
- Ensure IT risks are identified and managed as per the agreed IT risk appetite and tolerance levels.
- Manage various risk assessment activities in GIT and act as a single point of contact for GIA & GSO assessments.
- Support and help technology teams on various risk and control assessments.
- Participate in Project & Change reviews to ensure appropriate treatment of technology risks.
- Work with technology teams to ensure implementation of comprehensive solutions to protect organization information assets
- Manage periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.
- Periodically identify the risks that might compromise cyber security.
- Analyse the severity of each risk by assessing likelihood and impact. Agree with stakeholders on the residual risk ratings and potential risk exposure.
- Qualify/quantify exposures and vulnerabilities on a big-picture scale to create a thorough understanding of the risk environment.
Technology Risk Treatment & Review:
- Oversee development of risk treatment strategies to maintain the bank’s risk posture at the desired level.
- Engage with various IT teams to review risk profile, risk treatment strategies and action plans.
- Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc.
- Regularly review current risk measures and ensure implementation of adaptive approach to manage evolving cyber risks.
Technology Risk Monitoring & Reporting:
- Identify and define Key Risk Indicators (KRI) to monitor high risk areas.
- Deliver periodic risk profile reports and KRI reports to senior management
- Review Major incident Reports and ensure proper risk/control measures are identified to prevent incident reoccurrence
- Manage Technology risk committee meetings and ensure closure of action items
- Bachelor’s degree in Information Technology or related discipline
- Master’s degree in Business Administration is preferred
- ITIL Expert
- Professional Certification like CISA and COBIT5 implementer
- 10 or more years of working experience in IT Security, Risk and Governance practices
- 3+ years of experience working in leadership role IT Security, Risk and Governance
- Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).
- Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines
- Demonstrated experience in conducting technical risk assessments for various Cloud platforms
- Good understanding of process models and industry standards relating to IT Security, Risk and Governance
- Good understanding of security and risk management in financial institutions
- Excellent knowledge all aspects of technology: infrastructure; operations, security, development, change/transformation, support, innovation, vendor management etc., and banking related processes especially risk management. Should have demonstrable experience of working in many of these domains
- Strong analytical capabilities and knowledge of related tools and processes. Proven ability to handle volume detail and summarize effectively
- Good understanding of banking related environments – especially around high availability, data confidentiality, security etc
- Evidence of influencing senior stakeholders and dealing with external auditors and regulators
- Excellent interpersonal skills and good oral and written communication skills
- Achievement of industry recognized certifications such as CISSP, CRISC, CCSP, CCSK, CISA etc.
- Achievement of AWS and Azure cloud certifications is preferable
- Relationship management and influencing skills
- Big picture thinker with attention to details
- Strong change and communication skills
- Strong analysis and interpersonal skills
- Resource (time and people) management skills