Principal Analyst- Tech Risk - Infrastructure (Emiratised role)

Company Description

 FAB, the UAE's largest bank and one of the world's most secure financial institutions, is dedicated to creating value for its employees, customers, shareholders, and communities. Through innovation, agility, and differentiation, FAB is committed to fostering growth. We are looking for top talent and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark a top company, in an exciting and dynamic industry

Job Description

JOB PURPOSE

The selected candidate will report into VP, Tech GRC and lead efforts to:

1. Provide advisory services to Enterprise Architecture, Infrastructure and Workplace Services teams with regards to best practices, compliance requirements and risk mitigation controls;
2. monitor and report on the timely and appropriate remediation of IT risks and issues;
3. maintain oversight of regulations, circulars and notifications relevant to IT operations and controls, and accordingly advise IT project and technical teams.
4. Prepare regular reports covering risk findings, vulnerabilities, KPIs and KRIs across IT Infrastructure & Workplace Services, to be communicated to Senior/Executive Management, while tracking related actions and decisions.
5. Prepare regular reports covering risk findings and service improvements related to Enterprise Architecture
6. Create IT Control Governance & Compliance self-assessment checklists, share with infrastructure and enterprise architecture teams, and regularly track related results, trends, KPIs and KRIs.
7. Ensure that appropriate risk and compliance inputs are shared timely with relevant parties when drafting Risk Acceptance Forms, Project Business Cases, Plans, Requirements Documents etc.
8. Support the analysis of vulnerability trends, conduct action plan reviews and provide overall remediation oversight
9. Support and provide governance and risk oversight related to information security reviews and assessments.
10. Facilitate risk assessments, internal and external audits across the assigned Group Technology teams.
11. Assure quality of evidences and findings associated with technology risk and control self assessments.

KEY ACCOUNTABILITIES

Governance

• Support activities related to the development, implementation and compliance oversight of IT Policy and processes, particularly those relating to infrastructure components and services.
• Review and provide advice on the creation of IT Infrastructure and SecOps SOPs.
• Provide sound IT-GRC advisory services to Infrastructure and Security Operations teams, while demonstrating a strong understanding of various related IT standards, frameworks and good practices.
• Establish checklists to carry out gap assessments of IT Infrastructure, Enterprise Architecture and Security processes and controls against industry standards, and IT-related regulations applicable to the financial sector.
• Prepare regular dashboards and reports for various working group and committee meetings
• Regularly review local IT Service Level performance of IT Infrastructure and Security services, collaborating with relevant teams on continuous improvement.
• Prepare content for regular technology governance and risk committees.
• Actively participate in relevant technology project committees to ensure adequate and timely governance and risk reviews
• Maintain oversight of infrastructure and security IT Incidents, ensuring timely root-cause-analysis reporting to risk and management functions.

Risk management and control

• Understand the overall risk profile and ensure that the risks are managed and prioritized properly
• Act as a subject matter expert and create a first line of defence environment for the Bank’s IT Infrastructure, Enterprise Architecture & Security domains with regards to IT risks and remediations.
• Update, maintain and track updates on the risk and vulnerability registers on designated system or records.
• Facilitate, manage and quality assure infrastructure technology risk control self-assessments.
• Regularly evaluate IT risks, and maintain continued awareness of the business and risk profiles and changes in the operating environment and financial markets that may give rise to emerging risks.
• Report promptly any excesses or exceptions to risk limit to line management for necessary action
• Ensure completion and rectification of internal and external audit comments within target dates

• Assist in IT risk mitigation efforts, including the submission of relevant evidences to internal and external control/regulating bodies.
• Draft reports for an executive audience with regards to the mitigation, transfer and/or acceptance of IT risks.
• Support in preparing risk, vulnerability management and security review dashboards.
• Collaborate with internal technology and security teams to finetune asset inventory and vulnerability management tools, reducing false positive alerts and ensuring truly critical issues are prioritised.
• Facilitate security assessments and internal/external audits with regards to enterprise architecture practices, technology infrastructure, workplace and security services. Tasks include the identification of appropriate stakeholders, timely collection of evidences, quality assurance of submitted evidences, submission of management responses to control functions and regulators.

Qualifications

Qualifications

• Bachelor’s degree, preferably in Information Technology, Engineering/Computing
• Professional IT Audit Certification - E.g. CISA, ISO 20000 LA/LI, 27000 LA/LI
• Professional IT Infrastructure and Enterprise Architecture Certification
• Professional IT Security Certification – E.g. CISSP, CISM, ISO 27000 series LA/LI
• Professional IT Service Management Certification – E.g. ITIL v3 Expert, ISO20000 LA
• Professional IT-Governance Certification – E.g. COBIT5 Implementer, ISO like CISA and COBIT5 implementer
• Professional Cloud Security Certification – E.g. CCSP.

Experience

• 12+ years of experience in IT risk management, Security Operations and Infrastructure management roles
• Strong understanding of IT Infrastructure technologies and architecture, incl. network management, system administration, database administration and security operations.
• Strong understanding of Cloud platforms, deployment models and related best industry practices and frameworks
• Strong track record in IT Assurance, IT Audit, IT Process Management
• Prior experience of vulnerability management methodologies and remediation methods
• Strong understanding of application, system and database hardening techniques and practices
• Prior experience in the banking sector
• Prior experience of working with systems such as Archer, Jira, Service Now, or any other IT-GRC and Service Management platform.

Skills

• Strong stakeholder and people management skills
• Strong analytical skills with attention to detail
• Strong time management skills
• Strong dispute management skills
• Ability to cope, prioritize and track great workload
• Good writing, communications & presentation skills
• Results oriented, driving activities to their closure while coordinating across teams.

Additional Information

• Ability to work with and drive results with remote teams.
• Understanding of IT and Cloud best practices, methodologies and regulations.
• Ability to communicate succinctly and clearly risk concerns and priorities across both senior management and technical and operational teams.
• Understanding of information security best practices, technologies and processes.