Wahed - Manager - Technology & Cyber Risk

Roles & Responsibilities :

- Accountable directly to the VP of Risk Management.

- Working in the second line of defense you will partner with the first line to develop balanced risk-taking within the organization by promoting positive behaviors and a culture of openness.

- Represent Technology and Cyber Risk at appropriate meetings and deputize for the VP Risk Management where required.

- Provide risk briefings to the Head of Risk ensuring risks, issues and appetite breaches are monitored and escalated thoughtfully.

- Develop effective control frameworks based on industry best practices such as NIST, COBIT, and ISO27001, which adapt to meet changing regulatory landscapes and technical environment changes e.g., Cloud hosting and migration, data sovereignty legislation etc.

- Review, evaluate, and test ITGC (IT- General controls) and ITAC (IT application controls) failures and recommending appropriate solutions

- Perform independent testing (ITGC, ITAC, Phishing, vulnerability assessments) and support IT testing by external agencies covering all the key IT controls in the Company

- Experience in working with Firewalls (including Cyber security), VPN, Office 365 Security, Endpoint Security, etc.

- Perform regular audits and provide recommendations and guidance on identified security and control risks.

- Ensure complete, accurate and timely audit information is reported to Management and/or Risk Committees.

- Develop a strong understanding of business and system processes

- Develop, implement, and maintain internal audit policies and procedures in accordance with local and international best practice

Job Specification:

- Knowledge of risk management principles and the interrelationships of 3LoD

- Enthusiastic about technology and Cyber Security including tracking industry trends

- Understanding of key technology frameworks and standards such as ITIL, COBIT, NIST etc.

- A degree in information technology/computer information systems or related.

- Certified Information Systems Auditor (CISA) qualified

- Clear understanding of IT audit methodologies.

- Great awareness of cyber security trends and hacking techniques

- Ability to multi-task, prioritize, and manage time effectively

- Ability to deliver high-quality work under deadlines.

- Able to work with minimal supervision

- Analytical and can work with data

- Able to plan and adapt quickly to changes in priorities

- Discretion and confidentiality is essential

- A strong command of the English language both written and verbal