The IT Risk Manager guides the assessment of technology, information, and cybersecurity risks associated with technology and cybersecurity initiatives and operations, providing recommendations for risk controls. Responsibilities include managing the ongoing monitoring of initiatives to ensure sufficient risk-preparedness activities, facilitating incident resolution, and acting as a technical risk expert to ensure regulatory compliance and risk coverage is in place.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Responsibilities
- Sets governance procedures for documenting and updating technology and cybersecurity policies, standards, guidelines, and procedures.
- Documents and implements procedures for technology and cybersecurity breach incidents and post-breach activities.
- Facilitates Technology and Information Security staff’s operational implementation of technology and cybersecurity risk frameworks.
- Recommends strategies to address risk areas based on assessments of business needs against security concerns and regulatory requirements.
- Leads the conduct of risk and control assessments, system assessments, and stress testing to identify risk profiles.
- Reviews organizational assessments and augments security controls with 3rd party and internal Technology and Information Security staff.
- Analyzes technology and information security risk metrics to address emerging risks.
- Implements routine technology and information security risk monitoring activities.
- Assesses risks in new technology/digital initiatives and function/business technology usage.
- Provides strategic and technical recommendations following the identification of vulnerabilities within IT systems.
- Reviews existing risk monitoring mechanisms to reflect changing trends, regulations, and industry best practices.
- Enforces, incorporates, and complies with all necessary controls and related information security (EIS) policies, procedures, practices, training, reporting, personal due diligence, and vigilance within departmental/unit activities and operations.
Qualifications
- A tertiary-level qualification from an internationally/regionally recognized institution, preferably a degree in Finance, Business, Economics, Mathematics / Statistics.
- Recommended to have 5 to 8 years of experience in technology and risk management, preferably in the banking industry.
- A successful track record of implementing IT risk assessment frameworks, preferably in a commercial and/or corporate banking environment.
- Demonstrates strong ability to draw connections between business or operational actions and risk assessment results, deriving and communicating insights and recommendations to a senior audience.
Technical Competencies
- Business and IT Risk Assessment
- Cybersecurity
- Data Collection and Analysis
- Emerging Technologies
- Policy Implementation
Behavioral Competencies
- Problem Solving
- Communication
Location
Riyadh, Saudi Arabia
