Accountabilities and Key Roles:
- Maintain and update Cloud Development practices and coordinate implementation with all stakeholders to ensure ongoing compliance.
- Assess existing SecDevOps technologies/processes and coordinate implementation for ongoing assessment of developed solutions to ensure compliance with necessary security requirements.
- Ensure proper design of SDLC, Access and Change Management processes for ongoing compliance with applicable industry best practices.
- Analyze relevant global threats to enhance established controls.
- Disseminate established technology risk documents and ensure proper understanding by all stakeholders.
- Contribute to the development of technical standards and tool configurations for technology (i.e., DAST, SAST).
- Liaise with the IT & Cyber functions to implement the required technical controls, prepare RFPs, select vendors, follow up on project implementation/progress, and provide security consultancy where needed.
- Conduct technology-specific cyber & information security training and awareness programs for IT staff.
- Define the necessary techniques/processes/tools to monitor and ensure comprehensive assessment and remediation of the following:
  - Unauthorized access to the bank assets.
  - Non-compliance with the security policies and controls.
  - Application penetration testing to assess risks of identified vulnerabilities.
  - Internal/External vulnerability assessment on IT assets.
  - Internal/External audit assignments.
Job Requirements:
Education:
- Bachelor’s degree in Information Technology, Information Systems, or any related field from a recognized university.
- At least one professional certification preferred (CSSLP, CCSP, CISSP, CISM).
Experience:
- 8+ years of IT risk experience in a leading regional or international organization.
Competencies:
- Fluent in English and Arabic.
- Good understanding of regulatory requirements.
- Good computing & modeling skills.
- Excellent understanding of Cloud CI/CD, SDLC, Access and Change Management processes.
- Ability to analyze application penetration testing and vulnerability reports.
- Excellent understanding of information security standards (OWASP, ISO 27001, PCI, NIST-CSF).
- Good knowledge of developing information security standards, risk assessment processes, compliance tools, and information security technologies.
- Excellent project management skills.
- Experience in managing remote teams.
- Excellent analytical, interpersonal, communication, and presentation skills.