Principal Analyst, Governance, Risk & Compliance Tech

Maintain visibility of the GRC activities across the unit and ensure implementation of proper tracking & reporting mechanisms.

Ensure tracking and completion of GT BIA/BCP related requirements as per the GBCM timelines.

Ensure tracking, monitoring, and reporting of the GT related periodic UAE regulatory requests & reporting.

Oversee GT Risk Remediation program and ensure implementation of proper governance mechanisms.

Ensure timely completion of IT Risk Operations activities.

Oversee management of Data Leakage Prevention (DLP) notifications and improvement initiatives to optimize monitoring policies.

Act as a point of contact for GIA for Tech GRC audit activities.

Act as a point of contact for internal/external auditors and regulators for all IT Governance and Risk related items

Ensure implementation of proper tracking mechanism for Operational Risk Incidents to ensure compliance with GORM policies.

Ensure all the GRC systems used by 3 lines of defense are in sync and oversee periodic reconciliation activities.

Ensure proper governance of GIA issues and other key risk items to ensure timely remediation.

Ensure identification and implementation of automation initiatives to improve overall GRC operations.

Support & contribute to implement initiatives to improve ways of working with 2nd line & 3rd line functions.

Ensure timely and accurate MIS is available for GRC related activities.

Establish IT risk management framework to identify, analyse, mitigate, manage, monitor, and communicate IT risks.

Ensure adherence to Group Security policies and standards for effective implementation of security controls within GIT.

Contribute towards maintenance of standard technology risk and control library.

Implement the cyber risk assessment model and analysis approaches.

Understand how cyber risk fits into overall Technology Risk Management and ensure integration.

Identify, agree and manage various assurance initiatives and internal reviews across GIT

Ensure timely identification and assessment of IT risks throughout software development / acquisition lifecycle.

Ensure IT risks are managed as per the agreed IT risk appetite, tolerance levels and in accordance with remediation plans and target dates defined in alignment with Group Policies.

Support and help technology teams on various risk and control assessments activities.

Participate in Project & Change reviews to ensure appropriate treatment of technology risks.

Work with technology teams to ensure implementation of comprehensive solutions to protect organization information assets.

Manage periodic risk assessment activities to identify vulnerabilities, threats and control effectiveness.

Periodically identify the risks that might compromise cyber security.

Analyse the severity of each risk by assessing likelihood and impact.

Agree with stakeholders on the residual risk ratings and potential risk exposure.

Qualify/quantify exposures and vulnerabilities on a big-picture scale to create a thorough understanding of the risk environment.

Oversee development of risk treatment strategies to maintain the bank s risk posture at the desired level.

Engage with various IT teams to review risk profile, risk treatment strategies and action plans.

Ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc. and help IT teams in closure of risks/issues.

Regularly review current risk measures and ensure implementation of adaptive approach to manage evolving cyber risks.

Identify and define Key Risk Indicators (KRI) to monitor high risk areas.

Deliver periodic risk profile reports and KRI reports to senior management.

Review Major incident Reports and ensure proper risk/control measures are identified to prevent incident reoccurrence.

Manage Technology risk committee meetings and ensure closure of action items.

Ensure due diligence of cloud service providers and oversee ongoing cloud service providers security assessments.

Evaluate cloud solutions and determine risk of technology architecture, implementation, and suitability for the organization.

Ensure cloud service providers contracts are compliant to Group policies/processes and relevant controls are considered in the contract with cloud service providers.

Assess the risk implications of digital innovation and its impact on technology risk profile of the bank.

Provide recommendations to optimize the risks and ensure technology policy and process alignment.

Support and maintain risk assessment capabilities to review and assess digital business models end to end.

Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience.

Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.

Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions.

10 or more years of working experience in IT Security, Risk and Governance practices.

3+ years of experience working in leadership role IT Security, Risk and Governance.

Knowledge and expertise in virtualization and cloud computing environments (different cloud models and types).

Hands on experience in using various Cloud Security best practices such as Cloud Security Alliance (CSA) guidelines and National Institute of Standards and Technology (NIST) guidelines.

Demonstrated experience in conducting technical risk assessments for various Cloud platforms.

Good understanding of process models and industry standards relating to IT Security, Risk and Governance.

Good understanding of security and risk management in financial institutions.

Excellent knowledge of all aspects of technology: infrastructure; operations, security, development, change/transformation, support, innovation, vendor management etc., and banking related processes especially risk management.

Should have demonstrable experience of working in many of these domains.

Strong analytical capabilities and knowledge of related tools and processes.

Proven ability to handle volume detail and summarize effectively.