Job Description
We are seeking an experienced IT Governance Manager to lead the development, implementation, and maintenance of our IT governance framework. The successful candidate will be responsible for ensuring that IT governance practices are aligned with business objectives and comply with regulatory requirements, including SAMA Cyber Security Framework, NDMO-PDPL, and NCA Guidelines.
Requirements
Requirements marked in red are mandatory.
IT Governance Standards, Frameworks and Guidelines
- Responsible for developing, implementing and maintaining Technology Governance standards, frameworks and guidelines that establish the roles, responsibilities, processes and standards for IT decision making and oversight across the organization
- Developing and executing the implementation plan to enhance the maturity of IT governance practices and align them with the business objectives
- Manages the creation and quality of the technical documentation as a deliverable in accordance with the standards
- Create and share regular status report with the management and other stakeholders
- Custodian of the IT documentation process across all IT functions and ensures its compliance and consistency.
SAMA Cyber Security Framework, NDMO-PDPL and NCA Guidelines
- Implement and comply with SAMA Cyber Security Framework (CSFW), National Data Management Office (NDMO) and National Cybersecurity Authority (NCA) Guidelines for technology resilience to ensure the security and reliability of the IT systems and services
- Increase the maturity level of Bupa Arabia's compliance with the SAMA CSFW, NDMO and NCA Guidelines per regulatory requirements and demonstrate the effectiveness of the security measures.
- Monitor the implementation and performance of the controls and report any deviations or issues to the management.
IT Policies, Procedures and Documentation
- Oversees the creation of IT policies and procedures that define the roles, responsibilities, and rules for IT activities and services.
- Leads and monitors the review and approval process of the IT policies and procedures documentation, ensuring quality and accuracy.
- Aligns the IT policies and procedures with the corporate governance standards and the organization’s vision and mission.
- Maintains and updates the repository of the IT policies and procedures, and communicates them effectively with the IT management and other relevant stakeholders.
- Performs periodic validation on the IT policies and procedures to verify their implementation and compliance.
- Prepares and presents the IT policies, procedures, and documentation review and compliance report, highlighting the strengths, weaknesses, and recommendations for improvement.
IT Audit Reports
- Develop and execute IT audit plans and programs to evaluate the sufficiency and efficiency of IT governance, ISO controls, and performance, and to identify any gaps or weaknesses that need improvement.
- Lead and oversee the observations response process from end to end, ensuring timely and appropriate actions are taken to address the audit findings and recommendations.
- Collaborate with external and internal auditors as required to facilitate the audit process and to ensure the audit objectives and standards are met.
- Coordinate with the internal teams to ensure compliance with the audit observations and to implement the necessary corrective and preventive measures.
- Prepare and present the audit status report to the IT management, highlighting the audit results, progress, issues, and actions.
Risk Management
- Collect and share all Risk-based supervision (RBS) relevant data on a quarterly and annual basis with the risk management team for regulatory reporting and compliance.
- Develop and implement a set of metrics that measure the level and trend of IT risks, and define a threshold for each Key Risk Indicator (KRI) that triggers an alert or a response action.
- Coordinate with the IT teams to ensure that the KRIs are aligned with the IT risk profile and objectives, and update their values and weights periodically in accordance with the risk management policy and guidelines.
- Create and update a risk register that records the IT risks identified, their sources, causes, likelihood, impact, status, and mitigation strategies.
- Collaborate with the risk management and CS&TR functions to identify, analyze, evaluate, and treat the technology risks that may affect the organization’s assets, operations, reputation, or objectives.
- Establish and maintain a risk register that records the technology fraud risks identified, their sources, causes, likelihood, impact, status, and mitigation strategies.
Technology Business Continuity and Disaster Recovery Management
- Create and execute IT business continuity and disaster recovery plans that align with the organization’s goals and objectives
- Conduct regular tests and exercises to evaluate the effectiveness and readiness of the IT business continuity and disaster recovery plans and report the results and recommendations
- Maintain the availability and functionality of the Information Technology department’s critical operations, systems and services in the event of any disruption, based on the Business Impact Analysis (BIA), Threat and Risk Assessment (TRA) and IT Business Continuity Plan (IT BCP)
- Restore the IT systems and infrastructure of the organization in a timely and efficient manner after any incident that causes disruption (such as a natural disaster, a cyberattack or a power outage), based on the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) agreed with the Business Continuity Management (BCM) Team and Stakeholders
- Adhere to the relevant regulatory standards and best practices related to BCM and disaster recovery