Head of Service - Tech Risk - Governance & Compliance
Addax Office Tower Reem Island, Abu Dhabi, United Arab Emirates
Division : GCOO
The UAE’s largest bank and one of the world’s largest and safest financial institutions is growing its global presence. As a result of FAB’s international expansion, we're looking to attract and retain the best talent, from Egypt to Hong Kong, from Sao Paulo to Geneva and everywhere in between.
We recognize the difference our people bring to the business and #growstronger together.
Foster proper communication and coordination among ITD units and teams, to ensure that the ITD endeavours reflect a cohesive understanding of the Bank’s strategic, business, and technological objectives.
Guide IT teams in formulating technology strategies and roadmaps framed within the business strategy.
Identify opportunities and formulate technology strategies and roadmaps in line with the agreed strategy. Actively support and participate in the development of IT strategic, tactical and operational plans.
Monitor, evaluate, handle and report on the effectiveness of IT strategies, transformation plans and their alignment with bank’s objectives.
Establish and maintain IT Committees to effectively govern and manage IT.
Derive the appropriate Governance initiatives from business and IT objectives.
Governance and Oversight
Manage definition and maintenance of IT policies and processes factoring in internal environmental factors, business needs, external regulations, emerging technologies, laws, contractual obligations, standards and industry best practices.
Manage definition and management of the IT Governance Framework including maintenance of Governance Committee Charters and support management of relevant governance committees.
Manage within the IT Governance model and process to optimize the value and benefits realization of IT investments, ensure alignment and prioritization of projects to the strategy.
Provide subject matter expertise on services and regulations to IT teams.
Maintain external focus and demonstrate technical expertise and awareness of key industry standards and trends across IT Security and Risk management practices and accredited standards to assess their impact on IT Policies.
Ensure management of international IT regulatory register in coordination with Group Compliance.
Deliver compliance to recognised industry standards and required regulations proactively.
Be proactive in informing and preparing IT Teams for upcoming legal, regulatory and industry requirements.
Act as a point of contact for internal / external auditors and regulators for all IT Governance and Risk related items.
Controls and Reviews
Responsible for development and maintenance of the Unified Control Framework (UCF) and associated technology control attributes, keeping these aligned with applicable regulatory requirements, emerging technologies and industry best practices.
Periodically assess and improve IT controls, functions, policies and processes to ensure that they are optimally designed and operating effectively and efficiently.
Institutionalize operational controls such as project and change management gate reviews to optimize overall control effectiveness.
IT Risk and Security Management
Ensure comprehensive IT risk management framework is established to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
Ensure the IT risk appetite and tolerance levels are understood, articulated, and communicated, and that IT related risks are identified and managed.
Promote an IT risk-aware culture and empower the teams to proactively identify IT risk, opportunity, and potential business impacts.
Work with Group Security Officer to ensure the implementation of security controls within GIT.
Oversee various risk assessment activities in GIT and ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc.
Deliver periodic risk profile reports and KRI reports to senior management.
Engage with leadership team to review IT risk profile and risk treatment strategies.
Manage Technology risk committee meetings and ensure closure of action plans.
Identify, agree, and manage various assurance initiatives and internal reviews across GIT.
Cloud & Digital Technology Management
Actively participate in defining strategies for using cloud services as part of the bank’s strategic plan and technology architecture.
Determine appropriate level of governance for cloud computing environments and ensure sufficient control processes are defined for onboarding and management of cloud solutions.
Ensure development and implementation of Cloud Security Standards covering various aspects such as security configuration, provisioning, logging and monitoring, identity and access management, network controls, security controls etc.
Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
Establish and maintain risk assessment capabilities to review and assess digital business models end to end.
Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience.
DevOps / DevSecOps / Agile Practices
Establish and maintain policies, frameworks, methods and standards for the DevOps and agile practices.
Work with technology teams to automate control requirements across delivery pipeline. Collaborate with service teams to ensure CI / CD pipeline delivers faster time-to-market for the product and positive customer experience.
Ensure integration and standardization of related development methodologies across Technology service lines.
Facilitate the shift-left approach of moving a task to an earlier stage in the development cycle to ensure the risk and security standards are met from the beginning.
Advocate adaptation of continuous feedback loop mechanisms and ensure team members are regularly prompted to improve the development and maintenance of the solutions.
Coach agile teams in the methodology and ensure training is provided to employees on the agile practices.
Evaluate possible bottlenecks of running the application in production and suggest service improvement plans.
Ensure compliance and security best practices are incorporated throughout the development process.
Ensure continual adoption of industry best practices for overall governance & management of IT.
Quantify the value add of the team from improvements in the control environment and reduction in risk to IT and the business.
Direct the team to implement proper communication channels to maintain IT Policy and process awareness among IT staff.
Oversee development of key metrics and KPIs to ensure effective and efficient measures are in place.
Promote an IT risk-aware culture and empower the teams to proactively identify IT risk, opportunity and potential business impacts.
Ensure IT performance measurement systems are in place and accurate reports are shared with relevant stakeholders.
Identify and lead risk automation practices and tools to streamline efficient operation of the team and seamless interactions with its stakeholders.
Drive the Governance team to transparency of status backed by integrity and single source of truth data.
Establish beliefs, values, attitudes, and unwritten guidelines to reinforce the IT best practices and organizational culture.
Work with IT management to establish appropriate right sourcing strategies for all IT resources.
Work with various internal and external stakeholders to develop training & development plans for IT staff.
Responsible for hiring, development, and leadership of staff, continuous improvement of department processes and tools.
Lead and motivate people up and down the line to act in accordance with philosophy, policies, procedures, and standards in carrying out the plans.
Responsible for engaging, empowering, developing, and rewarding a talented and highly dedicated team of IT Governance and Risk professionals.
Operate an efficient workload planning process for the team and identify the appropriate resourcing solutions to deliver each objective.
Knowledge & Experience :
13 or more years of working experience in IT Security, Risk and Governance practices.
5+ years of experience working in a leadership role in IT Security, Risk and Governance.
Evidence of influencing senior stakeholders and dealing with external auditors and regulators.
Excellent interpersonal skills and good oral and written communication skills.
Good understanding of process models in ISO and industry standards relating to IT Security, Risk and Governance.
Good understanding of security and risk management in financial institutions.
Good understanding of innovations / trends in IT and fintech in particular.
Recent experience in the governance of agile and other digital / innovation ways of working.
Good experience o