Manager - Technology Risk Management

National Bank of Fujairah (NBF)

Job Purpose

To be a part of the Information security team, responsible for the following technology risk management activities:

Develop and implement risk assessment strategies for technology systems, and processes.
Develop and maintain the technology risk management framework, policies, and procedures.
Conduct risk assessments on new and existing technologies, systems, and third-party vendors.
Collaborate with stakeholders to ensure compliance with regulatory requirements and industry standards like NESA, PCI-DSS, NIST, COBIT, ITIL, SWIFT CSP and ISO 27001).
Provide risk advisory support for digital transformation, cloud adoption, and other strategic initiatives.
Develop and review the information security policies, standards and guidelines.
Monitor and manage risks related to data security, system failures, and reputational impact.
Lead initiatives to improve technology risk management processes and tools.
Facilitate concurrence of technology requests based on risk assessments.
Provide expert guidance on risk mitigation strategies and control implementation.

Key Accountabilities

Risk assessment strategy
Risk assessments
Third party risk assessment
Information Security documents development and review
Management of risk items identified
Process improvements / dynamic analysis tools

Other Accountabilities Other Accountabilities Job Context

The principal challenges of this role include:
Dealing with rapid and on-going changes in technologies and Cloud environments.
Arranging to acquire a broad scope of skills required by Information Security Risk, including:
specialised Information Security Risk and Control expertise (theory and principles), detailed knowledge of information security risk standards, policies and guidelines
Commercial understanding required to contribute to and support business functions, operations as well as project and consulting tasks.
Ensuring that Information Security support NBF s business objectives.

Education

Graduate in Computer Science or Information Technology 

Experience and Skills

Education level:

Bachelor s degree in information technology, Computer Science, Cybersecurity, or a related field.
Advanced degrees (MBA, Master s) in relevant areas or certifications are a bonus.

Professional Qualifications
CISSP, CISA, CRISC, CEH, ISO 27001 LA, SANS GIAC or equivalent preferred.

Good Knowledge in the following:
Risk assessment
Technological proficiency
Auditing
Cybersecurity
Security assurance functions

Work Experience:

At least 5 8 years of experience in technology risk, IT governance, risk and compliance (GRC), information security, or internal audit.
Proven track record in identifying, assessing, and mitigating IT risks.
Have experience in implementing ISMS and PCI standards.

Technical Competencies Regulatory Compliance and Fraud- Risk Management- Basic Operational Risk Management -Risk Management- Basic Cyber & Information Security - Risk Management-Advanced Behavioural Competencies Change and Innovation - Proficient Communication - Proficient Evaluating and Solving Challenges - Proficient Results Orientation - Proficient Working and collaborating with others - Proficient