Role Purpose
The purpose of the role is to ensure strong information security technical governance, assurance on third parties' and partners' security risks, and oversight across the bank for activities associated with Information Security Engineering, including Cybersecurity Strategy, IS Governance, compliance, assurance and Risk Management, by applying sound cybersecurity principles and practices.
Role Responsibilities
Reporting to the Head of Engineering, the Head of Information Security Risk Management is responsible for:
- Overseeing third-party risk management and assisting in the review and maintenance of the third-party risk management framework to cater for the Group’s needs and requirements.
- Ensuring that third-party risks are well evaluated and integrated with other engineering practices and cloud providers.
- Leading the development of information security risk mitigation strategies to ensure that risks are reduced to an acceptable level for all third parties, comply with relevant information security laws and regulations, increase operational efficiency, and achieve the bank's information security objectives.
Specialist Skills / Technical Knowledge Required For This Role
- Excellent interpersonal, verbal, written and presentation skills.
- Expertise in information security processes, technologies, and solutions
- Strong knowledge of banking processes and modus operandi
- Knowledge of GRC tools and other risk management and governance tools and platforms
- Expertise in local and international information security standards, best practices, frameworks and regulations such as ISO 27001, NESA, PCI DSS, SWIFT CSP, COBIT, Risk IT, ISACA IT Audit, BIMS, CMMI, NIST, etc.
- Expertise in managing information security policies, framework, procedures and governance models.
- Good knowledge of data privacy governance and controls.
- Bachelor’s degree or master’s degree (preferred) in engineering, IT, or a technical discipline
- Professional certifications such as: CCIE, CISSP, CISA, CISM, CRISC, CGEIT, PMP, ITIL, COBIT, CIA, CRMA, CIPM, CIP…
Previous Experience
- More than 15 years of experience in information security with a focus on strategy development, governance development, assurance, compliance, policies, frameworks and procedures design, risk management, and performance management
- Leadership position, in charge of a team of information security teams and/or professionals
- Strong experience in information security strategy design, planning, budgeting, governance, assurance, compliance, policies, risk management, and performance management
- Strong executive experience, including management-level discussions