Organization Unit Purpose
To support the implementation of the Emirates NBD Operational Risk management framework and its associated controls through the associated policies and risk management tools in an integrated, transparent and consistent way.
Job Purpose
The purpose of the Cyber Risk Management function is to ensure that the Bank’s Cyber Risk exposure is adequately managed in line with the group-wide risk appetite and Operational Risk framework. The role includes identifying, assessing and managing cyber risk in line with the Group enterprise risk management strategy. The responsibility of the role covers oversight for the Emirates NBD Group and subsidiaries within UAE and International locations.
Job Content
Technology Risk Identification, Assessment and Evaluation
- Conduct cyber risk assessments to identify potential vulnerabilities, threats, and weaknesses in our Technology platforms and related processes
- Analyze the impact and likelihood of identified risks to prioritize them effectively, and synergize the risk mitigation strategies and action plans to address identified vulnerabilities with stakeholders.
- Implement risk assessment framework, processes and guidelines as assigned or needed to support the Group cyber risk management function.
- Prepare and present regular reports on cyber risk assessments, trends, and mitigation efforts to senior management.
- Collect information and review documentation to ensure that risk scenarios are identified and evaluated to determine their impact on business objectives.
- Identify potential threats and associated risk for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
- Review Information Technology controls and provide recommendation of remediation activities.
- Work with Product, Engineering and Security team to improve efficiency of control environments through implementation of automation and process improvement.
- Participate in defining strategies for using cloud services as part of the bank’s strategic plan and technology architecture.
- Assess and integrate defense-in-depth security architecture principles to minimize the risk exposure to the Group.
- Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
- Establish and maintain risk assessment capabilities to review and assess digital business models end to end.
- Participate in the evaluation, selection and implementation of security platforms and technologies
Technology Control Effectiveness and Enhancement
- Work with key stakeholders (IT and business) to proactively drive the reduction in cyber risks and to improve the security risk posture of Emirates NBD within the Cyber risk appetite
- Define controls to reduce the technology fraud and security exposure of the Group.
- Ensure a robust and efficient control environment is maintained across IT Infrastructure to ensure good operational risk controls in compliance with Emirates NBD policy and procedures.
- Lead continuing development to keep abreast of new and existing technologies in the IT domain
- Ensure the risk framework requirements are adhered to by the stakeholders
- Periodically assess and improve IT controls, functions, policies and processes to ensure that they are operating effectively and efficiently.
Education
- Relevant business (minimum bachelor) degree
- Professional Information security or IT Risk certification
Experiences
- Minimum 7 years’ experience.
- Technology Risk management experience
Knowledge & Skills
- Understanding of Technology platforms and what makes them vulnerable, and of the exploitation factors which could lead to security risk and its related impact
- Knowledge of methods and tools used for Cyber security and Technology Risk assessment and mitigation.
- Conduct and analyze risk assessment and mitigation procedures in accordance with organizational policies and standards.
- Knowledge of information security assurance principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures.
- Knowledge of various aspects of technologies such as operating systems, databases, front/backend applications, middleware, network, and software development and change management processes.
- Demonstrate technical expertise and awareness of key industry standards and trends across IT Security and Risk management practices and accredited standards.
- Knowledge of information security program management and project management principles and techniques.
- Ability to translate technical issues into business-related decision points
- Experience in managing senior stakeholders, vendor management etc.
- Knowledge of banking related processes.
- High execution skills
- Fluent in English
Behavioral Competencies
- Self-learning ability
- Organized forward thinking
- Collaborative working style and team focused
- Ability to multi-task
- Execution Focused
- Quality Focused
- Problem Solver
- Integrity driven