Sr. Manager Information Security Risk

**Advansys** is a dynamic solutions provider focused on delivering smart, modular, and sustainable technology solutions that enhance operations, improve customer experiences, and drive business modernization. With over 400 skilled engineers, we serve 100+ enterprise customers across 14 countries. Specialized in a wide array of premium services including Business Automation, Industrial Digitization, Low code Development, Cloud Services, Warehouse Automation & Strategic Outsourcing.

Founded in 2014, Advansys is part of the INTRO Group, a private conglomerate established in 1980 with diverse investments across different business areas, oil and gas, real estate, specialized engineering, financial investment, Food & manufacturing.

**Job Purpose**:
This role is responsible for developing, managing, and executing the Information Security Risk Management program.

The incumbent will play a critical role in ensuring the bank's resilience by effectively identifying, assessing, and mitigating information security risks, both internally and from external parties.
- Main responsibilities are to: Contribute to the cybersecurity strategy to expand with secure and reliable service offerings.
- Improve the ability to identify, assess, and mitigate risks within our environment, and risk posed by external suppliers who access the environment and data.
- Drive operational resilience through visibility on third party resiliency measures.
- Ensure an in-built approach to build a resilient security posture.
- Establish a well-structured third-party risk management program that adheres to best practices.
- Risk Life-Cycle Management:

- Refine risk lifecycle management process and methodology for the bank in alignment with Enterprise Risk Management (ERM) and Operational Risk Management (ORM), enabling the same in ISG Risk solution.
- Act as a trusted advisor to the business by supporting risk-based decision-making. Collaborate with ERM and ORM to design an Information Security Risk Management framework to ensure continuous alignment with business needs, the internal and external threat landscape, and regulatory requirements.
- Integrate the ISG Risk solution with existing risk management systems to enable tracking, assessment, and reporting of risks.
- Develop processes for documenting, assessing, and approving Information Security exceptions, ensuring they are monitored and tracked to resolution with clear accountability.
- Third-party Risk Management:

- Enhance, maintain and oversee the third-party risk management program (TPRMP).
- Conduct due diligence assessments and ongoing monitoring to ensure compliance with the bank information security and contractual requirements.
- Ensure that all third parties that the organization deal with comply with the organization’s information security requirements and in alignment with Bank’s TPRM framework.
- Perform Security risk assessments as per annual plan and ensure documentation of all key risks in GRC platform for tracking and remediation.
- Ensure alignment of third-party risk management practices with industry standards such as ISO 27001, NIST, and PCI-DSS.
- Information Security RCSA (Risk Control Self-Assessment):

- Enable and monitor the effectiveness of the Information Security Risk Control Self-Assessment process to identify and manage information security risks.
- Cyber Risk Management:

- Manage the bank ’s cyber risks by implementing a mechanism to identify, assess, and mitigate the key cyber risk to the bank.
- Develop and maintain a centralized risk register to ensure proper tracking and effectively reporting the identified risks.
- Provide regular reports to senior management and key stakeholders on the bank’s cyber risk posture
- IS Risk Solution Management:

- Act as the business owner of ISG, overseeing governance, management, and administration of the bank’s ISG Risk solution.
- Enable centralized knowledge base and Risk solution to automate Information Security risk process with a centralized risk register, risk reports and dashboards related to overall risk posture for specific location and business unit.
- Collaborate with local CISO’s / IS SPOCs to facilitate regulatory audit discussion and data required from ISG.

**General**:

- Maintain a Risk roadmap and present progress bi-monthly to the Head of IS GRC.
- Demonstrate adoption of ISG vision, mission, key principles, cultural and operational objectives. Support actively key ISG transverse initiatives.
- Manage IS Risk activities to deliver quality within the timeline and agreed budget. Escalate in advance any alert, risk, critical dependency, and issues that arise with options for their management to ensure proactive management.
- Ensure preparation, execution and follow-up of regulatory examinations, audits, and assessment. Those reviews shall not result in any critical or high-risk issue for ISG or for ISG Risk.
- Ensure closing of all legal, regulatory and audit issues with the expected level of quality