Job Role: INFORMATION SECURITY MANAGER
JOB SUMMARY
The Information Security officer shall be responsible for performing the info sec review (TRA, Project Review, RCSA review, Change Request review, etc.) and ensuring compliance with the security policies and regulatory requirements.
The purpose of the job is:
* To study the TRA pre-requisites like TRAQ, Design and then conduct the Tech risk assessments for various banking IT applications and infrastructure components.
* Discuss and review with various IT stakeholders to complete the IT RCSA, identifying the control design adequacy and operating effectiveness.
* To participate in IT change management committee (CMC) meetings, to study changes proposed in design and enhancement of various IT applications and raise security concerns to be addressed by IT, and participate in CAB (change approval board) meetings, and also review & approve change requests.
KEY ACCOUNTABILITIES
* Understand and deliver Security Compliance requirements at UAE.
* Highlight security status & concerns to management.
* Perform risk assessments.
* Consult with IT and information security staff to ensure that an implementation plan is established.
* Track open Audit issues on information security to closure.
* Risk assessments for local implementations.
* Review Change Requests.
* Maintain MIS as required.
ROLES AND RESPONSIBILITIES
* Actively contribute to the security risk management program for the bank.
* Discuss with IT for Risk control self-assessment of IT service catalog services & identify and highlight control deficiencies.
* Review BRDs, Solution Design, Concept Design and any other requirements from various business units and IT meeting the security policies of the FAB.
* Conduct comprehensive risk assessments for the new application, infrastructure implementation or major enhancements.
* Continuously update the comprehensive risk and control library and coordinate with the GRC team for automation.
* Track Risk remediation plans and escalate if required.
* Maintain and track IT exceptions whenever required.
* Maintain all documentation related to tech risk assessments as per the prescribed format.
* Keep all Risk assessment records updated in the repository and Risk Library updated.
* Maintain a threat library relevant to various technology and do the necessary mapping and inference to Risks reported.
* Conduct control effectiveness assessments for NESA scoped IT services and infra services on a sample basis.
* Review the PCI DSS compliance for regional locations as applicable.
* Study the risk assessments for the new application, infrastructure implementations or major enhancements and ensure risks are mitigated as part of the design presented in the CMC (Change management committee).
* Review and approve IT changes as part of the weekly Change approval board (CAB).
* Track and escalate changes implemented with target risk remediation plans.
* Review emergency change requests and support IT in emergency CR deployment by providing security recommendations.
* Coordinate and collaborate with risk assessment personnel in sharing key inputs from CMC meetings and CAB meetings for increasing the effectiveness of risk assessments.
* Respond to queries that are sought by local Regulatory Authorities / Law Enforcement Agencies / Head Office in a timely manner with complete and accurate information.
* Review and assess the regulatory compliance circulars / notices, and security controls as applicable.
* Review Management Dashboards / Security MIS as required.
ELIGIBLE CANDIDATE PROFILE
* Bachelor (or) Masters in Engineering / Technology (or) Master in Science graduates with 5+ years of experience in information security