
Senior Lead, Technology & Cyber Security Risk Oversight

Emirates Islamic

United Arab Emirates

On-site

AED 120,000 - 200,000

Full time

2 days ago

Job summary

A leading financial institution in the UAE is seeking a Senior Lead for Technology & Cyber Security Risk Oversight. The successful candidate will drive technology risk management strategies, conduct risk assessments, and collaborate with internal and external stakeholders to ensure robust security controls and compliance within the organization.

Qualifications

  • Minimum 7 years of experience in Cybersecurity and Risk Management.
  • At least 10 years of overall experience.

Responsibilities

  • Lead oversight of technology and information security risk management.
  • Conduct Risk and Control Self-Assessments (RCSA).
  • Develop IT risk tolerance models.

Skills

Cybersecurity
Risk Management
Technology Oversight
Regulatory Compliance

Education

Bachelor's degree in Cybersecurity, IT, or a related field

Certifications

OSCP
GCTI
AZ500
CISSP
CISM
CRISC

Job description

Senior Lead, Technology & Cyber Security Risk Oversight

To support the implementation of the Emirates NBD Operational Risk management framework and its associated controls through the associated policies and risk management tools in an integrated, transparent and consistent way.

Job Purpose

Take the lead in driving technology and information security risk-related oversight requirements for the group to enable the execution of the enterprise risk management strategy.

Conduct Risk and Control Self-Assessments (RCSA)

Develop and implement KRI monitoring and demonstrate the risk posture of the group and its entities.

Collaborate with technology and business stakeholders at Group and International locations to manage risk reduction efforts

Oversight on Technology domains across Group

Investigating complex system/technology control failure events

Manage the technology risks across each business entity and subsidiary

Review regulatory submissions for technology domains for all entities.

Provide expert advice to senior management and department heads of Emirates NBD, Emirates Islamic and International locations.

Maintain the Technology Risk register

Job Content

Technology Risk Assessment & Management

Perform Risk and Control Self-Assessments (RCSA) and ORCAs, and challenge first line of defense (1LoD) risk identification, ensuring robust risk profiling for critical business processes and systems (e.g., intraday liquidity management in core banking system, SaaS apps for fintech solutions).

Support Materiality assessments for technology initiatives

Perform scenario planning to address unmitigated cyber threats (e.g., black swan events)

Develop IT risk tolerance models, including inherent and residual risk assessments, to guide risk acceptances

Support development of cyber risk oversight process, frameworks and systems

Technology Risk Oversight

Oversee red teaming simulation and evaluation of controls across all domains, including cloud platforms using evidence-based control evaluation (EBCE) and risk-based methodologies

Execute deep dives into IT processes to identify gaps, propose solutions, and track mitigation actions.

Review cyber threat, supplier, pen testing and vulnerability assessment reports and recommend remediations based on risk exposure

Lead independent review of cyber breach and tech control failures

Oversee the incident response for cyber incidents, technology disruptions, and control failures

Review incident response plans for core banking systems, incorporating scenarios for cloud, AI, and critical business system failures

Logical Security Oversight: Oversee IAM frameworks, ensuring secure access with MFA, privileged access management (PAM), and compliance with security frameworks

Privacy Oversight: Manage data protection and privacy risks, ensuring compliance with various data protection regulations.

Oversee the regulatory submissions by 1st LOD

Data-Driven Oversight: Implement risk quantification tools (e.g., FAIR model) to prioritize investments.

Risk reporting (UAE and International)

Monitor and report risk metrics, Key Risk Indicators (KRIs), risk threshold, count to various committees and regulators, emphasizing inappropriate access, control, technology breakdowns, and emerging tech risks.

Oversee root cause analysis for operational risk events (historical, potential, external), ensuring timely resolution and lessons learned.

Quantify financial and reputational risks of incidents for executive reporting.

Deliver detailed and accurate reports and memos, with the ability to articulate risks and security issues to both technical and non-technical stakeholders.

Maintain an up-to-date risk register.

Act as a subject matter expert on Basel II/III risk structures, supporting audit and regulatory reviews.

Prepare regulatory filings and ensure timely remediation of findings.

Governance of Technology Risk

Develop a technology risk governance framework aligned with Basel III, ensuring information security supports business objectives.

Review processes related to change management, IT asset management, and platform security to minimize risks.

Strengthen the second line of defence (2LoD) control framework, ensuring robust oversight of 1LoD activities.

Facilitate governance committees to escalate and resolve critical IT risk issues.

Promote risk awareness through training and communication with business and engineering teams to enhance framework compliance

Teamwork

Achieve desired performance of the team

Support team members in their development within Group OpRisk and Emirates NBD

Strive to achieve the unit goals by supporting others and collaborating actively within and outside the team with colleagues from other units/departments.

Education

Bachelor's degree in Cybersecurity, IT, or a related field (or equivalent experience).

Minimum 7 years of experience in Cybersecurity and Risk Management.

Technical Security Certifications such as OSCP, GCTI, AZ500

Information Security Certification such as CISSP, CISM, CRISC

Experiences

Minimum 10 years' experience.

Information Security expertise

Big4+

Knowledge & Skills

Expert Knowledge and Hands-On Experience in Cybersecurity and IT Risk Management

Developing cyber security and risk management oversight frameworks for banking institutions

Company Industry

  • Banking
  • Broking

Department / Functional Area

  • IT Software

Keywords

  • Technology & Cyber Security Risk Oversight
