Job Purpose:
The purpose of the Cyber Risk Management function is to ensure that the Bank’s Cyber Risk exposure is adequately managed in line with the group-wide risk appetite and Operational Risk framework. The role includes identifying, assessing and managing cyber risk in line with the Group enterprise risk management strategy. The role's responsibility covers oversight for the Emirates NBD Group and subsidiaries within UAE and International locations.
Job Content:
Technology Risk Identification, Assessment and Evaluation
Conduct cyber risk assessments to identify potential vulnerabilities, threats, and weaknesses in our Technology platforms and related processes
Analyze the impact and likelihood of identified risks to prioritize them effectively, and synergize the risk mitigation strategies and action plans with stakeholders to address identified vulnerabilities.
Implement risk assessment framework, processes and guidelines as assigned or needed to support the Group cyber risk management function.
Prepare and present regular reports on cyber risk assessments, trends, and mitigation efforts to senior management.
Collect information and review documentation to ensure that risk scenarios are identified and evaluated to determine their impact on business objectives.
Identify potential threats and associated risk for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
Review Information Technology controls and provide recommendations for remediation activities.
Work with Product, Engineering and Security teams to improve efficiency of control environments through implementation of automation and process improvement.
Participate in defining strategies for using cloud services as part of the bank’s strategic plan and technology architecture.
Assess and integrate defense-in-depth security architecture principles to minimize the risk exposure to the Group.
Assess the risk implications of digital innovation and its impact on the technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
Establish and maintain risk assessment capabilities to review and assess digital business models end to end.
Participate in the evaluation, selection and implementation of security platforms and technologies
Technology Control Effectiveness and Enhancement:
Work with key stakeholders (IT and business) to proactively drive the reduction in cyber risks and to improve the security risk posture of Emirates NBD within the Cyber risk appetite
Define controls to reduce the technology fraud and security exposure of the Group.
Ensure a robust and efficient control environment is maintained across IT infrastructure to ensure good operational risk controls in compliance with Emirates NBD policy and procedures.
Lead continuing development to keep abreast of new and existing technologies in the IT domain.
Ensure the risk framework requirements are adhered to by the stakeholders.
Periodically assess and improve IT controls, functions, policies and processes to ensure that they are operating effectively and efficiently.
Education:
Relevant business (minimum bachelor) degree
Professional Information security or IT Risk certification
Experiences:
Minimum 7 years’ experience.
Technology Risk management experience
Knowledge & Skills:
Understanding of technology platforms and what makes them vulnerable, and of the exploitation factors which could lead to security risk and its related impact.
Knowledge of methods and tools used for Cyber security and Technology Risk assessment and mitigation.
Conduct and analyze risk assessment and mitigation procedures in accordance with organizational policies and standards.
Knowledge of information security assurance principles used to manage risks related to the use, processing, storage, and transmission of information or data
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures.
Knowledge of various aspects of technologies such as operating systems, databases, front/backend applications, middleware, network, and software development and change management processes.
Demonstrate technical expertise and awareness of key industry standards and trends across IT Security and Risk management practices and accredited standards.
Knowledge of information security program management and project management principles and techniques.
Ability to translate technical issues into business-related decision points
Experience in managing senior stakeholders, vendor management etc.
Knowledge of banking related processes.
High execution skills
Fluent in English