Head Of IS Risk Management

Role       : Head of IS Risk Management
Location : Abu Dhabi

Role Purpose:

Purpose of this role is to ensure managing and overseeing the full spectrum of information security risk management while ensuring completion of review of the risk management framework to cater for the Group’s needs and requirements. It additionally involves identifying, assessing, and treating risks to the confidentiality, integrity, and availability of ADIB’s assets.
    
Key Accountabilities of the role  

• Manage and supervise cybersecurity risk assessment for business services, processes, and technologies.

• Stay abreast of global and regional information security threats by reviewing threat intelligence reports from Group Information Security Department’s (GISD) Cyber Threat Intelligence unit and reflect findings while identifying risks

• Reviewing security/vulnerabilities assessments and penetration testing reports delivered by GISD’s Attack Surface Reduction unit, and reflecting findings while identifying risks

• Identify and prioritize risk scenarios and report to management.

• Ensure proper delivery of ad-hoc and planned risk assessments in accordance with internal information security policies and requirements or external information security regulations and standards

• Oversee and manage risk monitoring plans and collaborate with relevant business units to ensure an effective implementation of mitigation controls

• Manage the implementation of systems and tools to automate the end-to-end information security risk management cycle

• Work with the Head of IS Governance and Risk Management for the continuous improvements in policies, procedures, standards, and guidelines in line with risk assessment findings and recommendations

• Present management reports highlighting the Group’s risk status and posture

• Supervise information security related projects such as security integration into coding and testing to assess the associated information security risks

• Finalize and confirm report on risk management KPIs

• Identify initiatives with Head of IS Governance and Risk Management to continuously improve risk performance and develop remediation steps that help the Group entities reduce the risk to an acceptable level, comply with applicable laws and regulations, increase operational efficiency, and meet IS goals and objectives

• Participate in communicating risk status to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation

• Improve/develop QA routines and controls to ensure appropriate focus on risk reduction within defined timelines.

• Measure, monitor, and report on information security risks. 
• Review and report on vendor/third party risk supporting vendor risk management activities.
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews. 
• Monitor and report on information security risk mitigation plans to ensure timely execution.
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities regarding information security risk management.
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits 
• Align with VA/PT team to validate IS Risks.
• Alignment with ORM, ITD, BCM, VCMP and any other relevant stakeholders.
• Develop strategic, tactical and operational risk dashboard reports.
• Develop Threat Modelling Process that utilizes quantitative and qualitative risk management measures. 
   

• Strong knowledge of banking and financial institutions processes and modus operandi, information security technologies, processes, and systems

• Bachelor’s degree (master’s degree preferred) in technology or related field or equivalent years of relevant work experience is required 
• Experience in banking and financial service sector preferred 
• 
  
  Good business and supervisory acumen
• 
  
  Familiar with GRC tools and other risk management platforms
• 
  
  Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations
• 
  
  Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) Certifications are strongly preferred.