To execute the Technology Risk Management activities by evaluating risks and providing on demand advisory to improve technology risk remediation.
1.Perform directly to rollout independent Technology Risk Assessments in the following scenarios:
a.Technology Projects and Digital Transformation.
b.Reviews of First Line Function effectiveness for Technology Risk controls
c.On demand following technology incidents.
2.Assist risk owners on design & implementation of Technology Risk Remediation Plans by providing expertise (Technical, functional and procedural) and provide guidance for risk based decisions.
3.Identify and validate Technology Risks upon reviewing Internal & External Audit Reports, Technology Risk Notes, Technology Incidents and contribute to their associated action plans to mitigate the same.
4.Handle all of the Technology Risk Management Activities including but not limited to reviewing & qualifying the different risk notes and ensuring the relevant updates are reflected in the central risk register, communicating and notifying risk owners with relevant technology risks, coordinating with the relevant stakeholders on the different risk remediation plans.
5.Update the different Technology Risk Management Documentation Corpus
6.Assessment of metrics and Key Risk Indicators breaches to monitor the effectiveness of the controls and ensure proper risk mitigation.
7.Contribute with relevant departments to identify risks, risk gaps and early warning signals for Technology Risks that could arise from any change in systems, services, processes or procedures.
8.Assist in defining, maintaining and enriching Technology Risk Managements’ Metrics, Taxonomy and Severity Scale as well as proficiently practice Technology Risk Management techniques, methods and tools that were designed to ensure that all Technology risks are adequately captured and managed. Moreover, prepare training materials and carry out communications activities in alignment with relevant stakeholders in order to improve mindset and knowledge.
9.Track and follow up with 1st Line of Defense of the Technology risks, which are still under assessment in the centralized risk register.
10.Assist in reviewing the different risk treatment plans related to Technology Risk Management in cooperation with relevant stakeholders prior submitting to the relevant committees, to ensure effective response to identified technology risks
§Bachelor of Engineering, Computer Science, Information Technology or its equivalent.
§For Officer 3 – 5 years in Information Technology, internal or external IT audit or a related discipline with Risk Management background.
§For Senior Officer 5 – 8 in Information Technology, internal or external IT audit or a related discipline with Risk Management background.
§Good knowledge of the Banking business environment, technology controls and Risk Management.
§Knowledge & experience with at least one of the Risk Management Framework: ISO31K, FAIR.
§Recommended relevant industry certifications, including but not limited to:
·Risk Manager ISO 27005
·IT Infrastructure Library (ITIL) Foundation.
·GIAC Critical Controls Certification (GCCC).
·Certified Information System Auditor (CISA)
·Certified Risk and information Systems Control (CRISC)
اطلب مساعدة الخبراء لكتابة سيرة ذاتية مميزة.