Head of IS Risk Management

Role : Head of IS Risk Management
Location : Abu Dhabi

Role Purpose:

Purpose of this role is to ensuremanaging and overseeing the full spectrum of information security risk management while ensuring completion of review of the risk management framework to cater for the Groups needs and requirements. It additionally involves identifying assessing and treatingrisksto the confidentiality integrity and availability of ADIBs assets.

Key Accountabilities of the role

• Manage and supervise cybersecurity risk assessment for business services processes and technologies.

• Stay abreast of global and regional information security threats by reviewing threat intelligence reports from Group Information Security Departments (GISD) Cyber Threat Intelligence unit and reflect findings while identifying risks

• Reviewing security/vulnerabilities assessments and penetration testing reports delivered by GISDs Attack Surface Reduction unit and reflecting findings while identifying risks

• Identify and prioritize risk scenarios and report to management.

• Ensure proper delivery of ad-hoc and planned risk assessments in accordance with internal information security policies and requirements or external information security regulations and standards

• Oversee and manage risk monitoring plans and collaborate with relevant business units to ensure an effective implementation of mitigation controls

• Manage the implementation of systems and tools to automate the end-to-end information security risk management cycle

• Work with the Head of IS Governance and Risk Management for the continuous improvements in policies procedures standards and guidelines in line with riskassessment findings and recommendations

• Present management reports highlighting the Groups risk status and posture

• Supervise information security related projects such as security integration into coding and testing to assess the associated information security risks

• Finalize and confirm report on risk management KPIs

• Identify initiatives with Head of IS Governance and Risk Management to continuously improve risk performance and develop remediation steps that help the Group entities reduce the risk to an acceptable level comply with applicable laws and regulations increase operational efficiency and meet IS goals and objectives

• Participate in communicating risk status to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation

• Improve/develop QA routines and controls to ensure appropriate focus on risk reduction within defined timelines.

• Measure monitor and report on information security risks.
• Review and report on vendor/third party risk supporting vendor risk management activities.
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews.
• Monitor and report on information security risk mitigation plans to ensure timely execution.
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities regarding information security risk management.
• Regularly assess and report to management any exceptions to information risk management policies procedures and limits
• Align with VA/PT team to validate IS Risks.
• Alignment with ORM ITD BCM VCMP and any other relevant stakeholders.
• Develop strategic tactical and operational risk dashboard reports.
• Develop Threat Modelling Process that utilizes quantitative and qualitative risk management measures.
  

Specialist Skills / Technical Knowledge Required for this role:

• Strong knowledge of banking and financial institutions processes and modus operandiinformation security technologies processes and systems

• Bachelors degree (masters degree preferred) in technology or related field or equivalent years of relevant work experience is required
• Experience in banking and financial service sector preferred

• Good business and supervisory acumen

• Familiar with GRC tools and other risk management platforms

• Knowledge of ISO 27001 NESA SWIFT CSP PCI DSS and other information security standards and regulations

• Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) Certifications are strongly preferred.