Job title: Officer – Information Security Risk Management
Job description: Job Description: Role : Officer – Information Security Risk Management
Location : Abu Dhabi
This role is required to support IS Risk Management unit in conducting detailed Information Security Risk assessment, review risk management framework, policies, and procedures in GISD. Objective is to ensure risk related security controls are developed, approved, implemented, and proactively protecting ADIB Group’s environment from evolving risks, threats, and attacks.
Roles & Responsibilities:
The IS Risk Management Unit ensures that risks are reduced to an acceptable measure without affecting overall bank’s driven direction and future growth.
Part of the Senior Officer responsibilities is to
- Conduct detailed information security risk assessment as per the agreed annual RA plan as well as ad-hoc assessments and security reviews requirement from business.
- Technical expertise in identify potential vulnerabilities and issues in applications and systems.
- Regular review of existing framework, policies, and procedures. Updating the documents as and when required.
- Support Head of IS Risk Management in identifying areas of potential risks in processes and provide mitigating solutions as per approved framework.
- Communicate and coordinate with ADIB GISD staff and ADIB business units with regards to risk assessments, security reviews and regular action item follow-up.
- Regularly maintain and update the Risk Register with latest information.
- Prepare weekly, monthly reports and dashboards for the management.
- Have a good understanding of cloud computing and cloud security concepts.
- Support Head of IS Risk Management in update the annual risk review plan in consultation with other key stakeholders.
Key Accountabilities of the role
- Responsible for performing information security risk assessments while participating in the review of the risk management framework to cater for the Group’s needs and requirements.
- Follow the ADIB Information Security Risk Management framework and methodology while executing the risk assessments and security reviews.
- Ensure comprehensive risk assessment covering technical, process and business aspect of an application or system. Real vulnerabilities and risks to be identified instead of a checklist-based assessment.
- Develops information security risk mitigation strategies to ensure that risks are reduced to an acceptable level, comply with relevant information security laws and regulations, increase operational efficiency, and achieve ADIB’s information security objectives
- Review and analyze business services, processes, and technologies to identify impact on business operations and CIA of ADIB information and information systems.
- Support the risk management team members with third party risk management in identifying and classifying third party vendors to ensure supply chain security.
- Work closely with management to classify information assets across the organization and identify the related security requirements based on asset criticality and business requirements.
- Work with IT Architecture team(s) to understand and manage security components of infrastructure and applications.
- Coordinate and support information security risk management team with internal and external audit activities.
- Maintain and provide regular metrics, report and dashboards about information security risks and present it to the GISD leadership team highlighting the Group’s risk status and posture.
- Participate in GISD projects associated with the information Security, supply chain security and cloud security domain.
- Actively participate in the development and implementation of enterprise policies, standards, and processes.
- Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios.
- Stay abreast of global and regional information security threats by reviewing threat intelligence reports from Group Information Security Department’s (GISD) Cyber Threat Intelligence unit and reflect findings while identifying risks
- Gather information related to current information security vulnerabilities across ADIB by reviewing security/vulnerabilities assessments and penetration testing reports delivered by GISD’s Attack Surface Reduction unit and reflect findings while identifying risks.
- Identify and prioritize risk scenarios.
- Assist in developing risk mitigation plans and collaborate with relevant business units to ensure an effective implementation of mitigation controls.
- Participate in the implementation of systems and tools to automate the end-to-end information security risk management cycle.
- Work with the Risk Management team for the continuous improvements in policies, procedures, standards, and guidelines in line with risk assessment findings and recommendations.
- Participate in and review information security related projects such as security integration into SDLC, Digital Transformation and Cloud Migration to assess the associated information security risks.
- Develop, update, measure, and report on risk management KPI’s and KRI’s.
- Identify initiatives to continuously improve risk performance and develop remediation steps that help the Group entities reduce the risk to an acceptable level, comply with applicable laws and regulations, increase operational efficiency, and meet IS goals and objectives
- Participate in communicating risk reports and status to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation until closure.
- Identify and create Plan of Action & Mitigation for any identified control gaps associated with policies and standards.
Specialist Skills / Technical Knowledge Required for this role:
- Knowledge of banking processes and operations, information security technologies, processes, and systems.
- Good business acumen, strong communication and collaboration skills.
- Problem solving and can-do attitude with minimal supervision.
- Good technical capability with respect to information security in the areas of application security, vulnerability assessment and penetration testing.
- Strong understanding of cloud computing and security with exposure to cloud security tools and configurations.
- B.S. in IT related discipline or similar degree preferable.
- CISSP, Certified in Risk and Information Systems Control (CRISC) designation preferred or attained within 2 years. Cloud security certifications are an advantage.
- Technical knowledge to understand detailed issues around information security, cyber security architecture, security solutions and overall risk in IT. Able to have enough expertise to drive a solution and solve issues, addressing risk.
- Strong communications skills are required to work across the organization, and several corporate functions.
- Ability to frame risk issues in a business-friendly language, to help communicate issues to business.
- Familiarity with maintaining and managing GRC tool and other risk management tools and platforms
- Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations is preferred
- Good knowledge and work experience in information security, risk management, cloud security or related fields such as audit, IT Security, however other IT disciplines are eligible, 2 – 3 years IT experience preferably in IS Security/Information Risk Management. (Preferably in banking and financial services sector)
- Experience in the information security risk management life cycle, vulnerability assessment, application security, penetration testing.
- Experience with GRC tools and platforms, conducting RCSA and control testing.
Location: United Arab Emirates
Job date: Fri, 31 Dec 2021 03:36:29 GMT
Apply for the job now!