Job Description

CORE RESPONSIBILITIES Assist in promoting adherence to information risk standards and procedures which Implement ADHICS Compliance in Health Care Group

• Provide inputs to design of the Information Risk Management (IRM) framework. Take responsibility for maintaining the framework, including refreshing and implementing an annual program.
• Build awareness of new and evolving risks across in-scope functions and IT.
• Lead the identification of key risk indicators (KRIs) for in-scope functions based on up-to-date situational analyses and trends. Provide relevant and timely information on KRIs for effective risk oversight.
• Develop action points to ensure that KRIs which exceed thresholds are reduced to an acceptable level.
• Perform annual IT risk and audit reviews in line with the approved annual plan.
• Provide second-line security and audit assurance for continuous improvement.
• Collaborate continuously with internal audit and other key internal stakeholders as part of the overall enterprise risk management framework.
• Contribute towards establishing credible risk governance, an integrated risk management mindset, and an execution approach which appropriately prioritizes action based on business impact.
• Implement appropriate systems and processes that ensure information risks are proactively managed and undesired events (when they occur) are detected and remedied early.
• Participate in the development of risk plans and procedures, as well as organizational structures, that provide an acceptable level of assurance in IT.
• Follow up on open audit and risk items to ensure closure.
• Manage the business continuity plan (BCP) for IT. Ensure continuous and regular validation and testing of documented/ approved BCP.
• Conduct continuous risk assessments for new and existing solutions.
• Aggregate information to identify operational control weaknesses and build a risk management dashboard that is refreshed and published periodically.
• Perform gap assessments and follow up to ensure timely remediation of gaps and implementation of new IT processes.
• Review policies and develop processes and procedures that provide an acceptable level of assurance.
• Perform other tasks and duties as assigned by the Manager, IT Risk & Control.

MINIMUM EXPERIENCE & ESSENTIAL KNOWLEDGE

• Bachelor's degree in Computer Science, Computer Engineering, Information Technology, or related disciplines.
• 2+ years' relevant work experience in Information Security, Risk Advisory, and IT Compliance.
• Professional certifications such as CISA, CRISC, ISO27001, ISO27005: Lead Risk Manager and Work in Health Care will be an asset.
• Proven knowledge of risk management, information security, mobile core technologies and controls
• IT Audit
• Vulnerability Management
• Business Continuity
• Risk Management

Job Type: Full-time Ability to commute/relocate:

• Al-Ayn: Reliably commute or planning to relocate before starting work (Required)