About the Job
Comera Pay is uniquely positioned to drive the UAE’s transition towards a cashless society. It leverages cutting-edge technology to provide innovative financial solutions, making everyday transactions seamless and secure. As a Senior Risk Specialist, you will be responsible for overseeing the company’s technology risk management framework, maintaining security and compliance certifications, ensuring compliance with CBUAE regulatory requirements, and leading various GRC initiatives. You will work closely with cross-functional teams to identify, assess, mitigate, and monitor risks, ensuring that our technology and business processes comply with local and international standards.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Responsibilities:
- Lead the development and maintenance of the organization's risk register and ensure timely updates and reporting of the Risk and Control Self-Assessment (RCSA).
- Monitor and report on key technology risk indicators (KRIs) to senior management and relevant stakeholders.
- Manage the ongoing maintenance of PCI DSS, ISO 27001, ISO 20000, and UAE IA certifications, ensuring compliance with all applicable requirements.
- Coordinate regulatory, internal, and external audits, addressing any findings and implementing corrective actions as necessary.
- Ensure compliance with Central Bank of the UAE (CBUAE) technology risk regulatory requirements, including guidelines, standards, and circulars.
- Stay abreast of regulatory changes and updates, assessing their impact on the organization and advising senior management accordingly.
- Collaborate with the IT and DevOps team to ensure IT General Controls are in place and are aligned with regulatory requirements and industry standards.
- Evaluate and manage risks associated with third-party vendors, including conducting due diligence and ongoing monitoring of vendor performance and compliance.
- Develop and deliver training programs to enhance risk awareness and promote a culture of risk management across the organization.
- Maintain accurate and up-to-date documentation related to risk management, compliance, and certification activities.
Skills and Attributes:
- In-depth knowledge of PCI DSS standards, CBUAE technology risk regulatory requirements, and global information security frameworks (ISO 27001, NIST, etc.).
- Proven experience in managing and maintaining compliance with regulatory requirements and industry standards.
- Ability to work independently and manage multiple priorities in a fast-paced environment.
- Adhere to the organization's Information Security policies, ensuring the confidentiality, integrity, and availability of information.
Qualifications:
- Bachelor’s degree in IT, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, CRISC, PCI DSS QSA, ISO 27001 LA/LI or equivalent is highly preferred.
- A minimum of 7 years of experience in technology risk management, GRC, or a related field within the financial services or FinTech industry.
