
Job Description

Head of Service- Technology GRC- International Oversight



Full-time
Sub Division: Group Information Technology
Division: GCOO

Company Description



Join the UAE’s largest bank and one of the world’s largest and safest financial institutions. Our focus is to create value for our employees, customers, shareholders and communities to grow through differentiation, agility and innovation. We are looking for top talent and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark at a top company, in an exciting & dynamic industry.

Job Description



Key Accountabilities:



Oversee the Tech-GRC domain for all international branches, reporting into the Head of Technology-GRC, and coordinating a team of regional managers to:

Governance



Establish strong working relationships with international management and IT teams to ensure continuously improved Technology GRC practices.
Ensure local branch IT operations and Tech-GRC practices and processes align with those of the Group.
Create appropriate IT policy and process addenda where so required, incorporating local regulatory mandates.
Establish and oversee IT-governance forums to ensure strategic, operational and risk alignment of international branches and Group.
Provide sound IT-GRC advisory services to international teams, while demonstrating a strong understanding of various IT standards, frameworks and good practices.
Establish checklists to carry out gap assessments of regional IT practices and controls against industry standards and IT-related regulations applicable to the financial sector.
Define, monitor and report on IT-Risk & Governance KPIs and metrics in line with IT objectives.
Ensure vendor agreements supporting international technology services are in line with the Bank’s IT policies, processes and standards, and regulatory mandates.
Conduct annual process maturity assessment and benchmark of international branches against industry standards.
Prepare regular dashboards and reports for various working group and committee meetings.
Demonstrate ability to manage stakeholders and a team remotely to drive prioritized results and transparency with regards to IT risk management and governance activities.
Facilitate external and regulatory audits and self-assessments.
Regularly review local IT Service Level performance, collaborating with relevant teams on continuous improvement and annual refresh of SLAs.
Facilitate and prepare for regular regional technology governance committees.
Actively participate in relevant technology project committees to ensure adequate and timely governance and risk reviews.
Maintain oversight of regional IT Incidents, ensuring timely reporting to risk and management functions.

Risk Management and Control



Understand the overall risk profile of international branches and ensure that the risks are managed and prioritized properly.
Act as a subject matter expert and create a first line of defence environment for the Bank’s International IT Operations with regards to IT risks and remediations.
Support a culture of risk-awareness, transparency, integrity, and a platform of clear communication, escalation and trust.
Ensure risk limit is in line with FAB risk appetite and compliance with Group ORM policy framework.
Identify all material risks, including the risks associated with new or complex products, vendors/partners and high risk activities.
Facilitate and oversee the collaboration of international branches with regards to the planning and execution of risk control self-assessments.
Facilitate the development and execution of the regional technology assurance framework and program.
Regularly evaluate IT risks, and maintain continued awareness of the business and risk profiles and changes in the operating environment and financial markets that may give rise to emerging risks.
Any excesses or exceptions to risk limit should be reported promptly to the senior management and risk committee for necessary action.
Ensure completion and rectification of internal and external audit comments within target dates.
Assist in IT risk mitigation efforts, including the submission of relevant evidence to internal and external control/regulating bodies.
Draft reports for an executive audience with regards to the mitigation, transfer and/or acceptance of IT risks.
Provide accurate advice to executive management with regards to local regulatory risks and requirements, by indicating knowledge of local regulation and establishing strong rapport with local Compliance, Legal and Regulatory teams.

Cloud Management



Ensure due diligence of international cloud service providers and oversee ongoing cloud service provider security assessments.
Evaluate cloud solutions provided to international locations and determine risk of technology architecture, implementation, and suitability for the organization.
Ensure cloud service provider contracts are compliant with Group policies/processes and relevant controls are considered in the contract with cloud service providers.
Assess the risk implications of digital innovation and its impact on the technology risk profile of the bank.
Provide recommendations to optimize the risks and ensure technology policy and process alignment.
Support and maintain risk assessment capabilities to review and assess digital business models end to end.
Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience.
Conduct in-depth technical security reviews, risk assessments, and architecture reviews for cloud-based technologies and solutions to ensure alignment with information security policies and technology guidelines.
Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions.

Leadership



Support assigned team with their ongoing professional development through constructive and regular feedback.
Establish common reporting structures and formats across international regions.
Ensure assigned team workload is monitored for effective and time-efficient delivery and prioritization.
Instil attention to detail to the deliverables of key stakeholders and team, while preparing deliverables, reports and communications appropriate to the targeted audience and stakeholders.
Effectively and regularly align with key stakeholders across the international FAB circuit and Head Office.
Establish clear targets and showcase continuous improvement through performance measurements.
Foster a culture of knowledge-sharing, collaboration and personal accountability.

Key Performance Indicators:
Adherence to Tech GRC budget targets.
Participation in relevant service line specific EA community sessions to address the GRC requirements.
Completion of Risk and Control Self-Assessments as per the agreed schedule.
Remediation of Technology GRC risk issues as per the established timelines.
Adequately monitor and supervise remediation of Technology Service Line risk issues as per the agreed timelines.
On-time completion of KRI reporting and GORM incident management reports.
Completion of regulatory reporting activities as per the timelines.
Adherence to GRC automation initiatives implementation plans.
On-time completion of mandatory trainings and meeting certification requirements.
Ensure external audit and regulatory certifications are completed on time without non-compliance (such as PCI DSS and NESA).
Coordinate with service lines to gather RFIs and management responses for GIA (Group Internal Audit) on time.

Qualifications



Knowledge & Experience:
13 or more years of working experience in IT Security, Risk and Governance practices.
5+ years of experience working in leadership role IT Security, Ris

Job Details

Job Location
Abu Dhabi United Arab Emirates
Company Industry
Other Business Support Services
Company Type
Unspecified
Employment Type
Unspecified
Monthly Salary Range
Unspecified
Number of Vacancies
Unspecified
