Job Description

Emirates NBD

Senior Lead, Technology & Cyber Security Risk Oversight

Job id: 588076

03 Aug 2025

Job Location

United Arab Emirates

Experience

10 to 25 years

Qualification Level

Graduate

Job Function

Banking / Financial Services
IT - Software

Skillset

Cybersecurity and Risk Management, Information Security expertise

Preferred Jobseekers

Jobseekers from any country

Job Purpose:

Lead the oversight of technology and information security risks across the group to support the enterprise risk management strategy.
Conduct Risk and Control Self-Assessments (RCSA) and develop Key Risk Indicators (KRIs) to monitor the group's risk posture.
Collaborate with technology and business stakeholders at group and international levels to mitigate risks.
Oversee technology domains and investigate complex system or control failure events.
Manage technology risks across business entities and subsidiaries, ensuring regulatory compliance and effective risk reporting.
Provide expert advice to senior management and department heads, maintaining the Technology Risk Register.

Key Responsibilities:

Technology Risk Assessment & Management
Perform RCSA, ORCAs, and challenge the first line of defense (1LoD) risk identification, ensuring robust risk profiling of critical processes (e.g., core banking, fintech SaaS apps).
Support materiality assessments for technology initiatives and scenario planning for cyber threats.
Develop IT risk tolerance models (inherent and residual risks) to inform risk acceptance.
Support the development of cyber risk oversight frameworks and systems.
Technology Risk Oversight
Oversee red teaming exercises, control evaluations (EBCE), and risk-based methodologies across all domains including cloud and AI.
Conduct deep dives into IT processes, identify gaps, and track mitigation actions.
Review cyber threat reports, penetration tests, vulnerability assessments, and recommend remediations.
Lead independent reviews of cyber breaches and control failures.
Oversee incident response plans for cyber incidents, disruptions, and control failures, including core banking and cloud systems.
Oversee logical security frameworks such as IAM, MFA, Privileged Access Management, and ensure compliance.
Manage data privacy and protection risks, ensuring regulatory compliance.
Oversee regulatory submissions related to technology risks.
Risk Reporting & Governance
Monitor and report risk metrics, KRIs, thresholds, and emerging risks to committees and regulators.
Conduct root cause analysis on operational risk events and quantify financial and reputational impacts.
Prepare detailed reports and communicate risks effectively to technical and non-technical stakeholders.
Maintain and update the Technology Risk Register.
Support audit and regulatory reviews, including Basel II/III compliance.
Develop and enhance technology risk governance frameworks aligned with Basel III, ensuring effective oversight and control processes.
Promote risk awareness through training and communication initiatives.
Teamwork & Leadership
Support team development and performance.
Foster collaboration within the team and across departments to achieve unit goals.

Educational & Professional Qualifications:

Bachelor’s degree in Cybersecurity, IT, or a related field (or equivalent experience).
Minimum 7 years of experience in Cybersecurity and Risk Management.
Relevant technical certifications such as OSCP, GCTI, AZ-500, CISSP, CISM, CRISC.

Experience & Skills:

Over 10 years of experience in cybersecurity, IT risk, and financial services.
Expertise in developing cybersecurity frameworks, risk assessments, and control oversight for banking environments.
Proven hands-on experience in red/blue teaming, penetration testing, vulnerability assessments, and incident response.
Extensive knowledge of cloud technologies, AI, blockchain, IoT, and emerging tech.
Strong understanding of regulatory frameworks from CBUAE, SAMA, MAS, FCA, and others.
Ability to translate technical risks into business context for leadership decision-making.
Excellent communication, stakeholder management, and vendor management skills.
High level of execution, analytical, and investigative capabilities.

Knowledge & Competencies:

Expertise in cyber threat detection, monitoring, and remediation tools.
Skills in risk quantification models (e.g., FAIR).
Familiarity with operational risk principles, including fraud and reputational risk.
Strong understanding of banking processes, regulatory requirements, and governance frameworks.
Ability to lead and influence senior stakeholders and cross-functional teams.
