Information Security Risk Manager

Accountabilities and Key Roles:

  • Maintain and update Cloud Development practices and coordinate implementation with all stakeholders to ensure ongoing compliance.
  • Assess existing SecDevOps technologies/processes and coordinate implementation for ongoing assessment of developed solutions to ensure compliance with necessary security requirements.
  • Ensure proper design of SDLC, Access and Change Management processes for ongoing compliance with applicable industry best practices.
  • Analyze relevant global threats to enhance established controls.
  • Disseminate established technology risk documents and ensure proper understanding by all stakeholders.
  • Contribute to the development of technology technical standards and tool configurations (i.e., DAST, SAST).
  • Liaise with the IT & Cyber functions to implement the required technical controls, RFP preparations, vendor selection and follow-up on project implementation/progress, and provide security consultancy where needed.
  • Conduct technology-specific Cyber & information security training and awareness programs for IT staff.
  • Define necessary techniques/processes/tools to monitor and ensure comprehensive assessment and remediation of the following:
      - Unauthorized access to the bank assets.
      - Non-compliance with the security policies and controls.
      - Application penetration testing to assess risks of identified vulnerabilities.
      - Internal/External vulnerability assessment on IT assets.
      - Internal/External audit assignments.


Job Requirements:

Education:

  • Bachelor’s degree in Information Technology, Information Systems, or any related field from a recognized university.
  • At least one professional certification preferred (CSSLP, CCSP, CISSP, CISM).


Experience:

  • 8+ years of IT risk experience in a leading regional or international organization.


Competencies:

  • Fluent in English and Arabic.
  • Good understanding of regulatory requirements.
  • Good computing & modeling skills.
  • Excellent understanding of Cloud CI/CD, SDLC, Access and Change Management processes.
  • Ability to analyze Application Penetration Testing and Vulnerability reports.
  • Excellent understanding of information security standards (OWASP, ISO 27001, PCI, NIST-CSF).
  • Good knowledge of developing information security standards, risk assessment processes, compliance tools, and information security technologies.
  • Excellent project management skills.
  • Experience in managing remote teams.
  • Excellent analytical, interpersonal, communication, and presentation skills.
Post date: 9 September 2024
Publisher: LinkedIn