Senior Manager International - IT Risk and Cybersecurity Governance
United Arab Emirates
Emirates NBD
The purpose of the role is to support the organization (Group IT) in its Enterprise Technology Risk (audit & operational risk), Regulatory Compliance and governance activities. The role additionally requires technical capabilities to conduct security tests and implement controls at the international units similar to those at Head Office. The role also contributes to the development, implementation, and maintenance of ENBD’s standards, framework and processes related to enterprise technology risk (audit & opsrisk), Cyber Security, Offensive Security and Regulatory Compliance across the Group and the regions we operate in.
This unit is responsible for facilitating the analysis, preparing the mitigation plans, tracking variances and periodically following through to reduce the backlog, and presenting the Enterprise Technology Risk updates (audit & opsrisk) and regulatory compliance levels for International Units across the Group. The unit also ensures that best practices and benchmark frameworks (NIST, PCI DSS, Consumer Protection, Data Privacy, etc.) are applied to maintain better adherence and strive towards the objectives of a global technology leader.
- Adapt and implement the NIST framework, PCI DSS, Data Privacy and protection (technology) requirements across the International Units. This will help bring all international units up to pace with Head Office.
- Facilitate and collaborate on the governance of the technology risk registers and highlight the risks and the business impact for International to relevant stakeholders, whilst proactively identifying security deficiencies or opportunities for improvement through the development of pragmatic solutions.
- Facilitate IT risk and crisis management with focus on operations risk and resiliency, business continuity planning, technology transformation risks, Identity & Access governance in addition to vendor risk management
- Facilitate both internal and external audits and track them for closure with corrective actions in place - acting as a single point of contact and building reports and updates periodically.
- Facilitate engagement with regulatory bodies to collect requirements and meet their various standards related to cybersecurity and technology.
- Facilitate cohesiveness in bridging the gap between Risk, Audit and regulatory compliance activities within Group Information Security by enabling a single pane of glass for all related issues and gaps.
- Enhance the Blue, Red and Purple teaming capabilities for HO and International to help upscale the security maturity of Emirates NBD Group.
- Design, implement and maintain identity governance frameworks and solutions to ensure secure access management across the organization.
The purpose of this job is to enhance security posture at International:
- Contribute to the definition of the vision for the team and play a key role in the implementation of strategic plans related to Enterprise Technology Risk (audit, risk) and regulatory compliance for the organization.
- Manage the governance of the Technology Threat register/Audit Register and highlight the risks and the business impact to relevant stakeholders.
- Develop and implement Enterprise Technology Risk (audit, risk) and regulatory compliance frameworks for the strategic positioning of the process.
- Collaborate with Internal Audit to conduct IT audits in a timely manner, ensure open issues are followed up and rectified as per agreed action timelines, and report any non-compliance to senior stakeholders.
- Collaborate with external auditors to ensure IT audits are performed using a systematic approach.
- Present the outcome as a summary of pending audit/risk/regulatory compliance issues to senior management on a regular basis.
- Single point of contact for all internal/external audits to coordinate the efforts and measures needed to drive the audit.
- Ensure Policies, Standards and Procedures undergo internal quality checks, and manage the lifecycle of the related documents.
- Responsible for tracking of security metrics and timely reporting to EXCO.
- Contribute to the technical initiatives to drive the Data Privacy/Protection maturity across the bank
- She/he will also lead the team to align with business stakeholders on possible ways to meet security challenges and promote security awareness & security culture across the organization. Creating the culture of business security champions to develop awareness across the organization. She/he ensures early involvement of security in business projects to avoid unnecessary rework or delays
- Manage the various International regulatory requirements and frameworks and data privacy standards, which the Group must adhere to, such as UAE NESA, TRM, SAMA CSF, RBI Guidelines, PCI DSS, PRA/FCA Guidelines, SWIFT etc.
- Manage Data Privacy and Consumer protection program for Technology domains
- Conduct regular access reviews and certifications, working with business units to manage access requests and approvals.
- Collaborate with Technology and business teams to integrate and conduct Identity Governance activities.
- Drive technology implementation in International Units
Skills and Experience:
- 9+ years’ experience in the Information Security domain of which at least 3 years in the financial industry
- Business acumen: Experience of 3 years understanding the financial industry, technologies and specific operations that relate to banking & finance
- University degree or equivalent work experience required. Master’s Degree in Business Management or equivalent desired.
- Technical background covering heterogeneous technologies and multiple security domains
- Competence in the use/customization of GRC tools
- Deep knowledge of security frameworks (such as ISO 27001, ISO 20000) and how to embed them into business requirements
- Knowledge required of security controls, typical pitfalls and required measures for security compliance. Deep experience of the current new and emerging technologies backbone and available technologies within the security space.
- Methodologies and practices: Deep experience in alignment of business and IT requirements, including translation of business requirements into security requirements (and vice versa).
- Deep experience in communication and alignment with security teams and implementation teams. Deep expertise on current regulatory agenda and corresponding assessment methodologies.
- Business acumen: Deep general banking and business area knowledge is necessary in order to identify the right solutions for business and to steer the implementation teams into the right direction as well as making sure that a proper relationship to the business side is established.
Professional Certifications: CRISC/CISM/CISSP, CISA, ISO 27001 Lead Implementer/Auditor, CEH / PCI ISA, ITIL Foundation
Knowledge Areas: IT Service Management, Enterprise Risk Management, Audit methodologies, regulatory compliance management/frameworks, Cyber Security, Application assessments
Meet the leading banking group in the region
Emirates NBD, the leading Banking Group in the MENAT region, was formed on 19 June 1963, when H.H. Late Sheikh Rashid bin Saeed Al Maktoum signed the Charter of Incorporation of the National Bank of Dubai (NBD) which became the first National Bank established in Dubai and the United Arab Emirates (UAE). With the blessings of H.H. Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, NBD merged with Emirates Bank International (EBI) on 06 March 2007, to form Emirates NBD, the largest banking group in the region by assets. On 16 October 2007, the shares of Emirates NBD were officially listed on the Dubai Financial Market (DFM). The merger between EBI and NBD to create Emirates NBD became a regional consolidation blueprint for the banking and finance sector as it combined the second and fourth largest banks in the UAE to form a banking champion capable of delivering enhanced value across Corporate, Retail, Islamic, Investment, and Private Banking, Global Markets & Treasury, Asset Management and Brokerage operations throughout the region.
Tags: Audits Banking CEH CISA CISM CISSP Compliance CRISC Finance Governance ISO 27001 ITIL NIST Offensive security PCI DSS Privacy Risk management
Perks/benefits: Career development Team events