Manager Technology Risk

Tawteen

Key Responsibilities

Risk

• Develop and implement an IT risk management framework tailored to the banking sector, incorporating CBO, SAMA, Basel II/III, and NIST standards.
• Create and conduct regular risk assessments (RCSA) on core banking systems, digital platforms, and infrastructure components.
• Provide data-based technology risk reporting, key risk indicators (KRIs), and risk appetite thresholds in coordination with the Bank s Second Line of Defence risk teams.
• Ensure effective risk controls for third-party vendors, data privacy, cyber threats, and operational resilience.
• Collaborate with Information Security, Compliance, and Audit teams to ensure consistent and integrated risk management.
• Support responses to regulatory inquiries, audits, and risk assurance reviews by financial regulators and rating agencies.
• Drive IT risk awareness and training programs to enhance risk ownership and accountability across the IT Division Leadership and teams.

Leadership & Collaboration

• Lead a small team of risk professionals, providing mentorship and direction. Ensure the team is able to balance pragmatically the operational needs of the department with Risk considerations & needs, advising on appropriate mitigations available to the risk owners.
• Collaborate with IT, cybersecurity, legal, and risk teams to integrate GRC objectives into the Bank s policies and processes.
• Serve as a trusted advisor to senior leadership on technology-related risk matters, providing holistic recommendations that balance GRC and operational needs
• Act as a liaison with external stakeholders, including regulators, auditors, and industry peers.

Skills and Competencies

• Excellent networking & influencing capabilities to ensure that relationships are utilised positively to get the work done without delays.
• Deep understanding of risk management frameworks in banking and financial services.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent leadership, communication (oral and written), and stakeholder management abilities.
• out of the box thinking in providing creative solutions to problems
• Ability to influence and drive change across an organization.
• Ability to deliver well at pace.
• Musts be tactful, mature, flexible, and with an empathetic approach.

Key Performance Indicators (KPIs)

• Delivery of meaningful, holistic & accurate centralised risk dashboarding to Management, including risk heat maps by team/function, by service etc
• Timely completion of annual risk assessments and reviews plan.
• Delivery of key risk automation initiatives within agreed timelines.
• % of SECAT 3&4 IT systems with up-to-date risk assessments
• % of critical IT risks identified by the Technology Risk Team vs. identified in 2nd & 3rd Line reviews (proactive risk detection rate)
• % of technology risks with mitigation plans in place
• Reduction in residual risk over time (risk trend metrics) (from second year of RCSA)
• % of critical third parties with completed and updated risk assessments