Description
JOB PURPOSE:
To assess current IT application risks, threat indicators, exploits and vulnerabilities; support incident response and remediation efforts; and apply Risk Appetite Indicators and Key Risk Indicators (across all dimensions). Also to act as the IT Risk focal point with IT Governance & Compliance, ERM, Information Security & IT with respect to IT Risks reporting & remediation, and to participate in the implementation process for IT Risk tools/systems with the Projects team.
KEY ACCOUNTABILITIES:
1. Conduct IT Systems review to identify & assess Risks with recommended remediation to mitigate the risk and closure of vulnerabilities.
2. Provide assessment & assurance of the effectiveness and efficiency of the IT control environment to monitor Risk Appetite Indicators and Key Risk Indicators across all IT domains & Business areas.
3. Follow up on remediation actions for the current list of threat indicators, exploits & vulnerabilities to ensure risk mitigation.
4. Support incident response and provide IT Risk Head with consolidated IT Risks progress reports.
5. Prepare consolidated IT Risk reports/presentations for dashboard managed by Technology Risk & committees.
6. Ensure all IT Risk Management consolidated reports, presentations, SOP and other department’s inputs/outputs are documented and updated.
7. Identify Top Critical IT Risks, highlight possible Risks that are not currently captured, and recommend a framework to capture and govern all risks.
8. Review and provide recommendations for the IT risk measurement techniques (e.g. RCSAs) and processes.
9. Serve as the focal point with ERM, GC, Information Security & IT with respect to IT Risks reporting & remediation.
10. Participate in IT Risk tools/systems projects implementation with Projects team & other IT divisions.
11. Prepare a consolidated list of RAIs / KRIs based on external best practices and regulatory expectations Direct.
Policies, Processes and Procedures
12. Follow all relevant department policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner.
Day-to-day Operations
13. Follow the day-to-day operations related to own jobs in the IT Security, Control and Quality Assurance department to ensure continuity of work.
Compliance
14. Comply with all relevant CBE regulations, banking laws, AML regulations and internal CIB policies and code of conduct in order to maintain CIB’s sound legal position and mitigate any potential risks.
Qualifications
QUALIFICATIONS, EXPERIENCE, & SKILLS
Bachelor’s degree in Information Technology, IT Security, Computer Information Systems or its equivalent.
Information Assurance certifications (CISSP/CISA, Security+, GSEC, CRISC or equivalent) are preferred.
For Senior Officer: Minimum 10 years of solid experience in related areas such as Risk Management, Technology Risk, Information security and IT.
Very good command of English & Arabic languages.
Excellent knowledge of Microsoft Office applications (PowerPoint, Word, Excel), Internet and e-mail.
Solid knowledge of automated reporting systems & Project Management.
Experience with Key Risk Indicators and Technology Risk reporting is preferred.
Ability to interpret regulations and laws, and communicate effectively to all levels of the organization.
Strong verbal and written communication skills.
Ability to work successfully in a cross-functional team environment.
Communication skills & Presentation Skills
Delivering results: ability to plan and organise work to achieve objectives accurately within set target dates.