Chief Risk Officer- KSA

Glow Beauty on Demand


Date: 3 weeks ago
City: Riyadh
Contract type: Full time
Responsibilities:

  • Ensures compliance with all applicable cybersecurity regulations and standards in the region, especially those issued by the Saudi Arabian Monetary Authority (SAMA), and provides necessary support and cooperation to regulatory bodies during audits and inquiries.
  • Follows up on the review of security procedures and mechanisms, participates in defining security responsibilities and controls, and works with external information security consultants to enhance the bank's information security posture.
  • Conducts in-depth analysis of past cybersecurity incidents to prevent recurrence and to continuously improve the cybersecurity system.
  • Oversees, reviews, and periodically updates the bank's Information Security Policy and technology framework (COBIT), assesses risks based on NIST standards, evaluates data protection mechanisms and encryption practices, and ensures proper access controls to backup media and devices. Reviews them periodically in line with the branch's strategy by analyzing and managing cybersecurity risks, access controls, and information security documentation standards, and contributes to developing and implementing these policies to improve information governance.
  • Manages the implementation of the cybersecurity program, develops an approach to integrate cybersecurity into bank operations at all levels, manages cyber risk assessments, recommends mitigation controls and procedures, defines cybersecurity requirements for current and new projects, and oversees information/system classification processes.
  • Evaluates the adequacy of cybersecurity risk controls and approves exceptions based on acceptable risk levels and regulatory guidelines, in coordination with the group-level information security team.
  • Measures and develops the performance of cybersecurity programs and key risk indicators, ensures compliance with cybersecurity policies, standards, and procedures, and regularly reports the cybersecurity program status to the Board of Directors and relevant committees as needed.
  • Reviews system user reports to ensure the application of authorized user access policies across bank data, identifies users violating approved policies, and takes corrective actions to prevent future breaches.
  • Assesses the efficiency of IT infrastructure security by monitoring performance indicators, using appropriate tools, and reviewing configuration reports.
  • Manages security and cyber incident response and digital forensics, and implements necessary actions to address and minimize impacts in alignment with business continuity plans and in coordination with relevant internal and external parties.
  • Manages access control policies at all levels in coordination with information owners and helps develop the necessary procedures for access transitions.
  • Ensures the bank's compliance with information protection laws and regulations, including the General Data Protection Regulation (GDPR) and the Personal Data Protection Law (PDPL) in Saudi Arabia, by monitoring data handling, processing, and storage practices.
  • Develops and enhances cybersecurity procedures by simulating cyberattack scenarios such as phishing and penetration testing to safeguard the bank's interests.
  • Ensures external service providers comply with the bank's cybersecurity standards by conducting regular security assessments and ongoing monitoring to protect the bank's rights.
  • Collaborates with external information security consultants to improve the bank's information security framework.
  • Prepares periodic information security reports for relevant departments and committees at the branch and head office levels. Reviews activities of various automated systems and prepares periodic reports on the Information Security / Business Continuity unit, reflecting relevant security events.
  • Submits detailed cybersecurity risk reports to relevant committees and stakeholders, including trends, breach probabilities, and mitigation strategies quarterly or as required.
  • Oversees the review of information systems/cybersecurity control measures, periodically assesses information risk, recommends new technologies and countermeasures to align with global trends, and supervises the security of any new services or projects planned by the bank.
  • Develops and delivers information security awareness and training programs for bank staff in collaboration with the group-level information security team.

Qualifications & Requirements

  • Bachelor's degree in Administrative Sciences or a related field.
  • Minimum of 10 years of professional experience in risk management, including at least 5 years in market and liquidity/treasury risk management.
  • Holder of a specialized professional certification in accordance with Saudi Central Bank and regulatory authority requirements.
  • Strong planning and organizational skills.
  • Proficiency in English (written and spoken).
  • Supervisory and managerial skills.
  • Comprehensive knowledge of internal and external policies and procedures governing operations, including updates.
  • Knowledge of laws and regulatory frameworks governing banking operations.
  • Familiarity with Saudi Central Bank regulations, instructions, and systems.
  • Knowledge of all banking operations, including legal, technical, and risk-related aspects.
  • Full understanding of the bank's services and products.
  • Proficiency in computer use and banking systems.
  • Strong decision-making ability.
  • Analytical and problem-solving skills.
  • Effective communication and interpersonal skills.
  • Ability to motivate and work within a team spirit.
  • Ability to work under pressure.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Performance Manager

dentsu, Riyadh
1 hour ago
Job Description:About CaratCarat, part of the dentsu network, is the world’s first media agency—and today partners with some of the most storied and innovative brands globally. Built on the principle of Designing for People, Carat uses deep human understanding, data, and creativity to craft media strategies that drive both connection and growth.At Carat, people are encouraged to challenge conventions and...

Senior Manager Club Program

Esports World Cup Foundation, Riyadh
7 hours ago
Team: Clubs, National Teams & PlayersActivity: Full-timeRole grade: Senior Manager (7)Direct reports: 0Indirect reports: 0Reporting to: Manager, Clubs & PlayersRole location: Riyadh, Saudi ArabiaJob Purpose: As the Senior Manager, Club Program, you will develop, manage and scale the EWCF Club Partner Program (CPP). You will oversee the entire program lifecycle from applications and evaluations to onboarding, season-long engagement, performance tracking,...

Experienced Clinical Research Associate Sponsor-dedicated

IQVIA, Riyadh
1 day ago
Job OverviewPerform monitoring and site management work to ensure that sites are conducting the study(ies) and reporting study data as required by the study protocol, applicable regulations and guidelines, and sponsor requirements.Essential Functions Perform site monitoring visits (selection, initiation, monitoring and close-out visits) in accordance with contracted scope of work and Good Clinical Practice. Work with sites to adapt, drive,...