The Risk Management Group is responsible for measuring the risks that the Bank may face in the course of its operations, developing corporate risk management policies, and ensuring that risks remain within the limits the Bank is prepared to bear in line with its strategic targets and risk appetite. Within the Risk Management Unit, Technology Risk is responsible for the overall management of technology risk within the Bank's defined risk appetite and associated risk limits, including risk related to information technology. Key responsibilities of the role are to:
· Evaluate new technology or project implementations, and upgrades to existing technologies or projects.
· Conduct technology risk assessments (TRA) for applications used by international regions.
· Review the IT Risk and Control Self Assessments (RCSA) performed by IT Governance.
· Review the closure of issues identified as part of the TRA and IT RCSA.
· Actively contribute to the Bank's security risk management program.
· Define ratings for risks and controls and calculate the inherent and residual risk for the service, as per the defined rating methodology.
Key Accountabilities:
· Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
· Recommend the implementation of technical controls to support and enforce defined security policies.
· Assess and report on threats, vulnerabilities and residual risk identified as part of risk assessments.
· Manage security projects and provide expert guidance on security matters for other IT projects.
· Monitor and report on compliance with security policies, as well as the enforcement of those policies within the IT department.
· Evaluate and assess emerging security threats and vulnerabilities in the banking industry and work to identify appropriate controls.
· Review and provide recommendations on IS policies, standards, guidelines and processes.
· Actively participate in and contribute to common ISO initiatives.
Key Performance Indicators (KPIs):
· Timely identification and mitigation of key risks
· Timely delivery of deliverables
· Non-compliance with standards
Knowledge, Skills & Experience:
Minimum Qualifications: A degree or Master's degree in Computer Science, or an equivalent qualification in a related domain
· Certifications such as CISSP, CISA, CISM or CRISC are recommended
Minimum Experience: 5 or more years of experience in Information Security
Knowledge, Skills, and Attributes:
· Knowledge of the ISO 27001 and ISO 31000 standards and of security best practices
· Knowledge of NESA, PCI, SAMA and other standards and regulatory requirements
· Knowledge of financial applications
· Experience in managing external compliance auditors
Skills:
· Highly developed communication skills, both verbal and written
· Conduct Technology Risk Assessments for new technology or project implementations, and for upgrades to existing technologies or projects
· Review IT Risk and Control Self Assessments
· Review the closure of issues identified as part of the TRA and IT RCSA
· Demonstrate strong relationship management skills
· Possess advanced problem-solving skills
· Possess good project management skills