Head of IS Risk Management

Overview

Role Purpose

Key Accountabilities of the role

• Manage and supervise cybersecurity risk assessment for business services, processes, and technologies.
• Stay abreast of global and regional information security threats by reviewing threat intelligence reports from Group Information Security Department鈥檚 (GISD) Cyber Threat Intelligence unit and reflect findings while identifying risks
• Reviewing security/vulnerabilities assessments and penetration testing reports delivered by GISD鈥檚 Attack Surface Reduction unit, and reflecting findings while identifying risks
• Identify and prioritize risk scenarios and report to management.
• Ensure proper delivery of ad-hoc and planned risk assessments in accordance with internal information security policies and requirements or external information security regulations and standards
• Oversee and manage risk monitoring plans and collaborate with relevant business units to ensure an effective implementation of mitigation controls
• Manage the implementation of systems and tools to automate the end-to-end information security risk management cycle
• Work with the Head of IS Governance and Risk Management for the continuous improvements in policies, procedures, standards, and guidelines in line with risk聽assessment findings and recommendations
• Present management reports highlighting the Group鈥檚 risk status and posture
• Supervise information security related projects such as security integration into coding and testing to assess the associated information security risks
• Finalize and confirm report on risk management KPIs
• Identify initiatives with Head of IS Governance and Risk Management to continuously improve risk performance and develop remediation steps that help the Group entities reduce the risk to an acceptable level, comply with applicable laws and regulations, increase operational efficiency, and meet IS goals and objectives
• Participate in communicating risk status to relevant internal / external stakeholders as well as risk remediation plans to relevant stakeholders and follow up on their implementation
• Improve/develop QA routines and controls to ensure appropriate focus on risk reduction within defined timelines.
• Measure, monitor, and report on information security risks.
• Review and report on vendor/third party risk supporting vendor risk management activities.
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews.
• Monitor and report on information security risk mitigation plans to ensure timely execution.
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities regarding information security risk management.
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
• Align with VA/PT team to validate IS Risks.
• Alignment with ORM, ITD, BCM, VCMP and any other relevant stakeholders.
• Develop strategic, tactical and operational risk dashboard reports.
• Develop Threat Modelling Process that utilizes quantitative and qualitative risk management measures.
• Specialist Skills / Technical Knowledge Required for this role:
• Strong knowledge of banking and financial institutions processes and modus operandi,聽information security technologies, processes, and systems
• Bachelor鈥檚 degree (master鈥檚 degree preferred) in technology or related field or equivalent years of relevant work experience is required
• Experience in banking and financial service sector preferred
• Good business and supervisory acumen
• Familiar with GRC tools and other risk management platforms
• Knowledge of ISO 27001, NESA, SWIFT CSP, PCI DSS and other information security standards and regulations
• Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) Certifications are strongly preferred.