Senior IT Risk Analyst

At Emirates, we believe in connecting the world, to and through, our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better’. Our cyber security team are on the market for a dynamic and experienced IT Risk Analyst to join their team. 

The successful candidate will be responsible for maintaining the IT Risk Management framework, and perform risk assessments on Cyber Security, third party  IT operations and project and programmes. In addition, they will also maintain the Cyber Security governance framework, review policies and standards, and conduct Cyber Security awareness campaigns. 

Job Accountabilities Linked to Objective Areas: 

• Ensure a comprehensive IT Risk Management framework is established to identify, analyse, mitigate, monitor and communicate IT risks across Emirates IT.
• Collect IT risks identified through various channels (e.g. risk assessments, incidents), log them in the IT Risk Register and perform continuous monitoring activities.
• Perform regular risk assessments on Third Party, Cyber Security, project and programmes and IT operations.
• Perform risk assessment reports and present the results to management.
• Produce regular risk reports for all IT departments, and top risks report for senior management.
• Develop Key Risk Indicators (KRIs) for IT and create dashboards for continuous monitoring of the risks.
• Conduct regular IT and Cyber Security maturity assessments, bench-marking assignments and gap assessments against industry best practices to identify areas of improvement.
• Periodically assess, improve and develop Cyber Security controls, policies, processes and standards.
• Design, develop and maintain a Cyber Security scorecard by business area, to assess the Cyber Security posture.
• Identify key metrics covering all Cyber Security areas, automate the data collection and scorecard production for all business areas, present the scorecard to the business.
• Monitor and track IT regulatory requirements and keep abreast of emerging risks and industry standards, and assess the potential impact on the organisation as well as produce regular reports to senior management.
• Support / contribute to the IT security awareness campaign by organising roadshows, publishing articles, or conducting on-site Cyber Security training.
• Conduct awareness training and workshops on IT risk management.
• Assess, review and action requests for exceptions to policies and standards from all levels of the organization, both corporate and IT users.
• Maintain an up-to-date repository of all the exceptions granted and communicate the exceptions to relevant business/ technical units.