IT Risk Management Head

To act as the first line of defense through managing the Information Technology risks with different lines of business to identify enhancements in IT Risk Management in line with Enterprise Risk Management and risk appetite framework, in order to adequately capture, assess, prioritize, report, mitigate & manage IT risks based on international best practice. To report the top critical IT risks and highlight possible risks that are not currently captured and develop a framework to capture and govern all IT risks. To also develop and maintain IT Risk strategy, policy, procedures, process and manage IT Risk staff while embed and drive a risk culture & risk appetite in all IT functions.

key responsibilities:

• Participate in the development & Provide recommendations on policies in collaboration with Technology Risk Management team on IT policies, systems, procedures, processes related to capturing & managing different types of IT risks related to lines of business.
• Work proactively with Enterprise Risk Management, Information Security, Technology teams and business domains in the design and implementation of IT risk assessment practices.
• Manage Top Critical IT Risks and manage risks that are not currently captured and develop a framework to capture and govern all IT risks.
• Assess tools and processes that are used to continuously update the risks in order to ensure that all material IT risks are adequately captured and managed.
• Deploy Risk Appetite Indicators (RAIs) and Key Risks Indicators (KRIs) & review a consolidated list of RAIs / KRIs based on external best practices and regulatory expectations Direct and oversee processes to identify, assess, improve, and optimize risk practices within the IT environment.
• Review and manage IT Risk status report and monitor the implementation of remediation actions to provide recommendations for the IT risk measurement techniques (e.g. RCSAs) and processes.
• Force mindset and behavior changes in IT Risk Management at Bank level, – preparing a comprehensive communication, training and culture change initiative for people.
• Communicate & work directly with the business units and other internal IT stakeholder to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection as per the published polices and respective Governance and Risk framework with various defense lines.
• Lead the IT Risk Management function, that is responsible for providing independent assessment and assurance of the effectiveness and efficiency of the IT control environment.
• Oversee the creation, dissemination and (as required) update documentation of CIB's matrix of identified IT risks and controls.
• Direct IT functional teams in the development, implementation, monitoring, assessment, and reporting of control processes, documentation and risk mitigation activities.
• Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection to ensure effective participation of IT Risk function in relevant committees such as IT Board Risk Committee.

Requirements

• Bachelor's degree in business, Commerce, Economics or its equivalent.
• Master of Business Administration, CPA or CMA is preferable.
• Minimum 15 years of different relative Business, Risk Management & IT experience.
• Specific system knowledge is a plus: Core banking system such as T24 provided by Temenos, Treasury Systems such as Kondor, Digital applications such as ACH, Smart Wallet, Mobile Banking & Internet Banking, Risk Management systems such as SAS & other support areas applications such as AML applications like Embargo, HR applications like Taleo & EBS.
• International standardization.
• Strong controls mindset and understanding of potential risks in IT, operations & business environment.

Skills:

• Communication Proficiency.
• Decision Making.
• Organizational & Presentation Skills.
• Problem Solving/Analysis.
• Technical Capacity.
• Client management: tactful, resolute and committed to providing excellent customer service.
• Understands the use of information technology risks in a Strategic context as a means to an end.
• Very good command of English & Arabic languages.
• Knowledge of business management and organization.