IT Security Risk Manager - Saudi National - #16959

Department: Banking
Location: Saudi Arabia
Job Type: Full-Time

Job Summary:
The incumbent will lead the implementation of IT risk and Security policies and procedures in compliance with the bank’s policies and standards. In addition to governance responsibilities to assess the adequacy and effectiveness of the Information technology (IT) and Cyber Security risk management services, processes that aligned to support the bank’s KSA strategy and regulatory requirements such as follow-up of all technology risks such as cyber security threats to bank
Key Responsibilities:

• Shareholder and Financial: Lead strategic initiatives targeting IT Security compliance with SAMA regulatory requirements and the bank's policies and standards. Provide the appropriate regulatory liaison and decision support to the Head of Risk and the CEO on all aspects of Cyber and Technology Security risks.

• Customer (Internal & External): Work with Compliance to provide management with updates on regulatory changes pertaining to IT risk. Provide timely and accurate information to the external and internal Auditors, Compliance, Financial Control and Risk Functions as and when required.

• Internal (Processes, Products, Regulatory): Adhere to KSA country policies and procedures submitted by relevant departments/units. Undertake risk assessments and promote efficient and prompt communication, interaction and synergies between the Branch and Head Office IT Security functions.
• Learning and Knowledge: Increase self-knowledge/awareness of IT risk management techniques and methodologies. Maintain an understanding of all pertinent regulations as well as best practices pertaining to Information Security.
• Legal, Regulatory and Risk Framework Responsibilities: Comply with all applicable legal, regulatory, and internal compliance requirements including, but not limited to, the banks Compliance manual; Group Compliance Policies and Procedures e.g., Anti Money Laundering & Counter Terrorist Financing, Sanctions Policy, Data Protection Policy, Whistle Blowing Policy, Conflict of Interest, and Insider Dealing Policy.

Qualifications:

• Graduate / Postgraduate in a related degree of education (Computer Science, Computer Engineering).
• Professional certification such as CISSP, CISM, CRISC, CEH, and CCSP preferred.
• SIEM certification and any vendor security certification related to network, and application systems security would be considered as a plus.
• Minimum of 8 years’ experience (preferably in a bank) of which, preferably, at least 3 years’ experience in a SOC or Security Engineering environment.
• Understanding IT risks across the full product/process range in banks/FSI.
• Maintain a keen understanding of evolving Internet threats to ensure the security of the Bank network.
• Strong understanding of security architectures and devices.
• Strong understanding of threat intelligence consumption and proactive mitigation.
• Strong understanding of root causes of malware infections and proactive mitigation.