Risk and Security Analyst

Accountabilities and Responsibilities:

1. Risk Management
   • Manage the closure of outstanding IT audit issues (TRAP) and respective corrective actions.
     
   • Support the Risk function in managing BCP, BIA, and DR capabilities.
     
   • Assist in the creation and updates of RCSAs and periodic control tests.
     
   • Proactively drive improvement in the risk profile of the Bank through the application of robust risk management techniques, working with stakeholders across the Technology Services organization.
     
2. Release Management
   • Ensure that release management tasks in the IT function are conducted to high standards, managing risk comprehensively and effectively.
     
   • Ensure resilience and timely delivery of releases to production.
     
3. Control Functions
   • Verify that change requests are submitted for weekend implementations and oversee the effective governance of change control meetings.
     
   • Develop and maintain IT procedures to document risk and control processes.
     
   • Monitor the implementation of IT control test plans and coordinate with Operational Risk to prepare risk reporting.
     
   • Liaise with Operational Risk and Information Security to perform control tests, support reporting of findings, and track corrective action plans.
     
4. Communication
   • Support the preparation of risk and control reports and documentation as required by senior management.
     
   • Ensure timely progress updates to Internal Audit, Information Security, and GBS stakeholders regarding outstanding risk issues.
     
5. Operational Resilience
   • Define and drive the agenda to deliver policies, procedures, and techniques to support operational resiliency across the Bank's technology.
     
   • Facilitate BIAs within IT to identify critical processes.
     
   • Support comprehensive and effective incident management processes.
     
   • Identify process risks and gaps in compliance for IT testing and resiliency and address them to prevent incidents.
     
   • Support, drive, and execute strong governance in the usage of cloud technologies.
     
6. Other Accountabilities
   • Develop UAE Nationals and support the Bank's Emiratization agenda as directed by Senior Management.
     
   • Undertake similar or related tasks and duties as directed by Senior Management.
     

Experience, Qualifications & Competencies:

Minimum Experience

• At least 6 years of experience in an IT banking background, with at least 4 years in IT Security, IT Risk, or Information Security.
  
• Working knowledge and experience in Banking Operations, Capital Markets, Corporate Banking, and technology-related risk issues.
  
• Ability to prioritize and manage multiple tasks simultaneously.
  

Minimum Qualifications

• A university degree in a technical STEM subject.
  
• A postgraduate degree in a STEM subject is desirable.
  

Professional Qualifications

• CISSP, CRISC, CCSK, CCSP, ISO, and SANS certifications.
  

Knowledge and Skills

• Expertise in Technology Risk Management and Security Risk Management.
  
• Familiarity with globally recognized security risk and technology risk management standards and techniques.
  
• Knowledge in Cloud Security Risk Management, DevOps/DevSecOps, and Security Operations.
  
• Strong understanding of Third-Party Risk Management and Security Architecture/Enterprise Architecture/Risk Architecture.
  
• Proficiency in Technology Governance and Technology Compliance/Security Compliance.
  

Requirements

Core Competencies

• Ability to design and provide advisory on solution quality technology controls techniques.
  
• Strong written and verbal communication skills in English; Arabic is an advantage.
  
• Strong influencing, stakeholder management, persuasion, and negotiation skills.
  
• Excellent interpersonal skills.
  
• Strong experience in managing, coaching teams, and building high-performing teams.
  
• Leadership skills in a service and results-oriented culture.
  
• Strong planning, execution, analytical, and time management skills.
  
• Ability to build partnerships and interact with all organizational levels.