Cyber & IT Risk Manager

Arab Banking Corporation
in Manama, Capital Governorate, Bahrain
Permanent, Full time
Last application, 28 Feb 20
Competitive
Cyber & IT risks are considered among the top 3 risks for financial institutions (Cyber risk being a systemic risk). Regulators are increasingly stringent with regard to these risks, which may lead either to fraud or to a disruption of the financial ecosystem. Against this backdrop, Bank ABC has decided to further strengthen its 2nd line of defence Cyber, IT & Fraud Risk management function, manned by specialists. The position of Cyber & IT Risk Manager is a new position.

Job Purpose:

To facilitate, monitor and oversee the management of Cyber & IT Risks (risks related to IT, Cyber/Information Security and Business Continuity) across ABC Group and to support the first line of defense (IT, Cyber/Information Security and Business Continuity) in their respective risk domains.

Principal Accountabilities and Deliverables of Role:

  • Oversight/Monitoring of the implementation (progress) of policies and frameworks for IT, Information/Cyber Security and Business Continuity by the first line in Bank ABC
  • Supporting Cyber & IT risk management processes in the first line (IT, Information/Cyber Security and Business Continuity) and in the second line (Risk Management department);
  • Providing input from a Cyber & IT Risk perspective to proposals that are put forward to the New Products Committee
  • Monitor the effectiveness of the controls implemented through the policies and frameworks for IT, Information/Cyber Security and Business Continuity in the units via Key Risk Indicators.
  • Analysis of risk data and translating it into action plans;
  • Reporting of risks and status of risk management;
  • Preparation of the Group Operational Resilience Committee.
  • Raising awareness and promoting best practices for the management of Cyber & IT Risk
  • Develop Key Performance Indicators for the implementation of IT, Information/Cyber Security and Business Continuity policies and frameworks to monitor implementation progress
  • Advise on Cyber & IT Risk matters (experts and non-experts)
  • Analysis of the Cyber & IT Risks in proposals and advice on mitigating actions to remain within the risk appetite of the Bank
  • Develop, improve and monitor Key Risk indicators
  • Raise Issues and Action Plans and analyze Incidents
  • Propose and perform Control Assurance when appropriate
  • Produce easy-to-read reports with clearly defined thresholds
  • Provide training / Share incident analysis
  • Provide a Cyber & IT Risk watch especially on emerging technologies

Committee Responsibilities:

Attend and present at Group and Local Risk Committees when requested.

Job Requirements:

Knowledge

Extensive knowledge of IT Risk, IT Audit, IT Security (incl. Cyber) and/or Business Continuity

  • Practical working experience with IT risk & control frameworks;
  • Broad knowledge of operational risk disciplines, IT Risk, Information Security, Business Continuity and Disaster Recovery;
  • Relevant knowledge of industry process, control and risk frameworks, e.g. CMMi™, ITIL, COBIT, ISO 2700x, NIST, ISO22300, CIS20;
  • Strong practical experience with IT Risk Assessment frameworks, tools and methodologies as applied to business processes, business applications, technology infrastructure and third parties
  • Practical knowledge of Operational Risk tooling e.g. Governance, Risk and Compliance applications (including reporting aspects)

Education / Certifications

  • Master's degree from a reputable university
  • Formal academic credentials related to IT Risk (IT, Information (Cyber) Security, Risk Management, Business Continuity);
  • Appropriate qualifications (CISM, CISA, CISSP, CRISC or equivalent).

Experience

  • At least 5 years of relevant work experience

Personal Attributes

  • Strong written & oral communication / presentational skills;
  • Good time-management skills;
  • Self-starter / Pro-active;
  • People management and relationship skills; and
  • Good PC skills (current applications).