Job Description

Job Category: NES Job Group
:
The Information Security Risk Management and Reporting Manager supports in formulating the overall risk management strategy and objectives for the bank's information security function. This role involves aligning security risks with business goals, defining risk priorities, and establishing clear objectives to mitigate and manage risks effectively. The role will drive Information Security processes through enabling automation, designing & enabling solutions to automate risk management processes across the bank.), ensuring seamless integration, enhanced risk visibility, and streamlined reporting using advanced GRC tools.
Responsibilities:

• Risk Management Life-Cycle :

o Define risk lifecycle management process for the bank in alignment with ERM and ORM, and enable the same in ISG GRC solution to support the unit.
o Act as a trusted advisor to the Business when supporting risk-based decisions.
o Develop and implement, in collaboration with ERM and ORM, a Risk Appetite lifecycle framework to ensure continuous alignment with business needs, the internal and external threat landscape, and regulatory requirements.
o Assure Information Security exceptions are documented, effectively assessed and approved by respective risk owners and tracked for closure.

• Cyber Risk Management:

o Manage the organization's cyber risks by having a mechanism to identify the key cyber risk to the organization and documenting and reporting to effectively track for closure.

• Cyber Risk Quantification:

o Quantify the organization's cyber risks. Use qualitative or quantitative methods to assess the potential impact of cyber risks on the organization.

• Cyber Risk Register

o Develop and maintain a centralized risk register to ensure proper tracking and effective reporting of the identified risks.
o Ensure continuous updating to capture new risks, changes in risk status, and remediation progress, enabling informed decision-making and proactive risk management.

• Cyber Best Practice Sharing:

o Regularly share updates on the latest cybersecurity best practices.
o Encourage teams to incorporate these practices into their daily operations.

• Vendor Relationship Management:

o Serve as the main liaison between the organization and GRC solution vendors. Manage BRDs, contracts, licensing, and renewals, ensuring that services and tools meet the company's evolving needs and compliance requirements.

• IS GRC Solution Management:

o Be the business owner of the bank's GRC platform for ISG and oversee the management of the organization's IS GRC solution.
o Enable centralized knowledgebase and GRC solution to automate Information Security activities and governance process with a centralized risk register, risk reports, and dashboards related to overall risk posture for specific location and business unit.
o Ensure that the solution is effectively used to support the organization's information security governance, risk, and compliance activities.
o Support local CISOs / IS SPOCs in regulatory audit discussions and data required from ISG, and enable the local CISOs with Prism access to onboard the open issues for centralized tracking and governance.
o Serve as the main liaison between the organization and GRC solution vendors. Manage BRDs, contracts, licensing, and renewals, ensuring that services and tools meet the company's evolving needs and compliance requirements.
o Ensure that the GRC tools are properly configured to address the organization's specific risk, compliance, and audit requirements.
o Ensure the smooth operation of GRC solutions, including monitoring system performance, identifying issues, and implementing resolutions promptly
o Develop training materials and provide ongoing support for GRC platform users, ensuring they can effectively leverage the tools for risk and compliance activities.
General

• Demonstrate adoption of ISG vision, mission, key principles, cultural and operational objectives. Support actively key ISG transverse initiatives.
• Manage the main GRC Run the Bank and Change the Bank agenda to deliver quality results, on time and on budget. Escalate in advance any alert, risk, critical dependency, and issue that arises, with options for their management to ensure proactive management and no surprises.
• Ensure preparation, execution, and follow-up of regulatory examinations, audits, and assessments. Those reviews shall not result in any critical or high-risk issue for ISG or for ISG GRC.
• Ensure closing of all legal, regulatory, and audit issues with the expected level of quality, in time, and on budget.

Qualifications:

• A mid-senior level officer with sound knowledge and expertise in information security risk management, with experience in managing enterprise projects and of direct and indirect relationships with senior and executive management.
• Strong experience with GRC platforms (e.g., RSA Archer, MetricStream, ...etc ), including administration, configuration, and integration with other business systems.
• Strong experience and knowledge across the Information Security and Cyber Security domains, including governance, policy procedures, compliance management, risk management, and security incident response, etc.
• Strong experience in a Banking environment with a strong understanding of key security frameworks such as ISO27001.XX, NIST 800.xx, PCI-DSS, SWIFT CSP, COBIT etc.
• Strong interpersonal, analytical, and technical skills with strong decision-making and prioritization skills.
• Sound knowledge of evolving advanced tech stacks and related control and risk universe.
• Sound knowledge and expertise in conducting risk assessment.
• Have 10+ years of rich experience in the information security domain and at least 2-3 years of dedicated experience in managing GRC solutions or in a similar role, with a strong background in governance, risk management, and compliance
• Master's degree in IT/Information Security
• Professional certifications : CISA, CISM, CISSP, CRISC, ISO27001 LA/LI, etc.

About Us:
The leading financial institution in MENA
While more than half a century old, we proudly think like a challenger, startup, and innovator
in banking and finance, powered by a diverse and dynamic team who put customers first.
Together, we pioneer key innovations and developments in banking and financial services.
Our mandate? To help customers find their way to Rise Every Day, partnering with them through
the highs and lows to help them reach their goals and unlock their unique vision of success.
Delivering superior service to clients by leading with innovation, treating colleagues with dignity and fairness while pursuing opportunities that grow shareholders value.
We actively contribute to the community through responsible banking in our mission to inspire more people to Rise.

Skills Required