Website Emirates NBD
Emirates NBD, the leading banking group in the region, was formed on 16th of October 2007 when the shares of Emirates NBD were officially listed on the Dubai Financial Market (DFM). The Emirates NBD 2007 merger between Emirates Bank International (EBI) and the National Bank of Dubai (NBD) became a regional consolidation blueprint for the banking and finance sector, as it combined the second and fourth largest banks in the United Arab Emirates (UAE) to form a banking champion with the largest asset base in the GCC region, summing up to AED 281.6 billion as at 31st December 2009, capable of delivering enhanced value across corporate, retail, Islamic and investment banking throughout the Gulf Cooperation Council (GCC) region.
Manager, Technology and Business Information Security (TBIS)
The purpose of the role is to support the organization (Group IT) in its Enterprise Technology Risk (audit & operational risk), Regulatory Compliance and governance activities. The role also contributes to the development, implementation, and maintenance of ENBD’s standards, framework and processes related to enterprise technology risk (audit & opsrisk) and regulatory compliance across the Group and the regions in which we operate.
This unit is responsible for facilitating the analysis, preparing the mitigation plans, tracking variances, periodically following through to reduce the backlog, and presenting the Enterprise Technology Risk updates (audit & opsrisk) and regulatory compliance levels of the Group across the organization. This unit also ensures that best practices and benchmarks are applied to maintain better adherence and to strive towards the objectives of a global technology leader.
The purpose of this job is to:
- Contribute to the definition of the vision for the team and play a key role in the implementation of strategic plans related to Enterprise Technology Risk (audit, risk) and regulatory compliance for the organization.
- Manage the governance of the IT Threat register/Audit Register and highlight the risks and the business impact to relevant stakeholders.
- Develop and implement Enterprise Technology Risk (audit, risk) and regulatory compliance frameworks for the strategic positioning of the process.
- Collaborate with Internal Audit to conduct IT audits in a timely manner, ensure open issues are followed up and rectified as per agreed action timelines, and report any non-compliances to senior stakeholders.
- Collaborate with external auditors to ensure IT audits are performed using a systematic approach.
- Present the outcome as a summary of pending audit/risk/regulatory compliance issues to senior management on a regular basis.
- Act as the single point of contact for all internal/external audits to coordinate the efforts and measures needed to drive the audit.
- Ensure Policies, Standards and Procedures undergo internal quality checks and manage the lifecycle of the related documents.
- Responsible for tracking of security metrics and timely reporting to EXCO.
- Contribute to the technical initiatives to drive the Data Privacy/Protection maturity across the bank.
- Lead the team to align with business stakeholders on possible ways to meet security challenges and promote security awareness and a security culture across the organization, creating a culture of business security champions to develop awareness across the organization. She/he ensures early involvement of security in business projects to avoid unnecessary rework or delays.
- Manage the various regional regulatory frameworks and data privacy standards, which the Group must adhere to, such as UAE NESA, TRM, SAMA CSF, RBI Guidelines, PCI DSS, PRA/FCA Guidelines, SWIFT etc.
- Manage the Data Privacy and Consumer Protection program for Technology domains.
- 9+ years’ experience in the Information Security domain of which at least 3 years in the financial industry
- Business acumen: Experience of 3 years understanding the financial industry, technologies and specific operations that relate to banking & finance
- CRISC/CISM/CISSP, CISA, ISO 27001 Lead Implementer/Auditor, CEH / PCI ISA, ITIL Foundation
- Technical background covering heterogeneous technologies and multiple security domains
- Competence in the use/customization of GRC tools
- Deep knowledge of security frameworks (such as ISO 27001, ISO 20000) and how to embed them into business requirements
- Knowledge of security controls, typical pitfalls and required measures for security compliance. Deep experience of the backbone of current, new and emerging technologies
- IT Service Management, Enterprise Risk Management, Audit methodologies, regulatory compliance management/frameworks.
As mentioned in the JD
To apply for this job please visit enbd.taleo.net.