Assistant Manager, Security Governance & Compliance

About This Role

Dubai, Dubai, AE Intermediate Permanent ID: 100355

DESCRIPTION

Operating in the UAE for over 50 years, CBD manages the financial requirements of some of the largest corporates and businesses operating in the country, driving the UAE economy. Over the years, CBD has transformed into a progressive and modern banking institution winning multiple awards for its digital initiatives, credit cards, bank accounts, mobile app features and services.

CBD has been recognized as the number one bank in the UAE on the Forbes list of The World’s Best Banks 2022.

As we continue to build upon our successes, we are looking for ambitious individuals who are passionate about the banking and finance industry and the markets in which CBD operates. Just as important to us is your ability to demonstrate a talent for dealing with people - your colleagues and our customers and delivering service that really goes the extra mile.

Job Purpose:

• Spearheading and managing Security Governance, Risk Assessment and Security Compliance programs.
• Liaise with internal and external stakeholders and actively act as key influencer in security decisions
• Conduct independent security risk assessments, compliance reviews and train other staff members
• Support and work closely with business & Information technology to review new initiatives, implement Application Security Program, Manage third party vendors, service contracts and interact with IT management on a regular basis
• Propose and plan information security strategy, yearly plans, inline to regulatory, compliance requirements and key risk areas for the bank
• Establish accountability to ensure controls are implemented to mitigate the risk and also mentor and guiding Internal teams, IT, IT Security, IT Development, Business toward improving CBD security posture
• Developing and maintaining information security policies. Other activities include Maintain risk register, provide monthly management dashboard with KPI status,
• Perform security review of new projects and project changes, Lead and manage Application security assessment teams and reporting staff
• Act as key technical resource in a number of important CISO Office activities, including Application Security Risk Assessments, Security Compliance Reviews and Independent Security Assessments

Principal Accountabilities:

• Establish an information security governance framework
• Document review and update information security policies to protect bank and its sensitive data while ensuring compliance with relevant regulations
• Break complex security requirements in easy-to-understand action plans for management
• Tracking and closing security concerns with IT, Business Owners
• Provide management dashboards showing progress on compliance and security KPI
• Support management in developing a security strategy
• Manage Swift and NESA/UAE IA compliance management programs
• Perform Enterprise Risk assessment, Cloud risk assessment
• Perform Vendor/Third party risk assessment inline to information security risks
• Review information security risk acceptance requests
• Provide security awareness training for new joiners
• Conduct compliance review of regulatory requirements to identify gaps and action plan
• Review and Approve changes on business applications security changes
• Represent information security in various meetings
• Develop business cases for special security engagements
• Manage penetration testing and vulnerability assessment activities
• Act as SME for security decisions, regularly reviewing security metrics, preparing reports and dashboards
• Present application security gaps and prepare reports on findings and recommendations
• Manage and evaluate application security testing activities for possible vulnerabilities
• Ensure that identified risk is managed in accordance with the IT Risk Management program by regular review and follow up
• Conduct Application security risk assessments and independent assessments (penetration testing), including risk modelling, analysis and mitigation
• Manage and development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally – recognized security concepts tailored to meet the requirements of the organization
• Creation of necessary documentation that codifies the Application Security Program, including the development of secure coding policies, procedures and standards
• Lead actively discussions around design and reviews of applications from a security standpoint to ensure SDLC process being followed
• Work with third party vendors, managing the contract and projects
• Guide, influence and work with IT developers to adopt secure practices when developing applications
• Independently manage different technical assignments, involved in the evaluation and selection of third-party vendors and solutions.
• Achieving and maintaining compliance with applicable security regulations and internal policies.
• Liaise among the IT, IT Security team, Compliance, Internal Audit, and HR management teams as required
• Mentor and train junior staff and other CBD staff as required

REQUIREMENTS

Education and Experience:

• Ideal candidate would have a developer background who has a good understanding of common vulnerabilities and strong desire in application security role. Background in application development is required
• Degree preferably in Computer Science and/or Computer Networks
• Security certifications desirable (CISSP, CISA, OWASP, CISM, CRISC)
• Good technical background in IT Security, Information Security and Risk Management. (ISO 27001, OWASP, CIS Security controls)
• Proven track record in a regional bank with good understanding of bank operations
• Minimum 3 years as IT developer and 3 years as Information Security professional
• IT Security and Information Security project management experience