JOB PURPOSE:
To conduct regular independent risk assessments and evaluations, recommend mitigating controls and help determine an acceptable level of risk for the bank and third parties in order to ensure that all digital assets in ADCB are protected against all known current and future vulnerabilities while adhering to all required standards, policies and regulations

ACCOUNTABILITIES:

1.Risk Based IS Assurance:
Conduct periodic risk assessments and identify and recommend the best ways to reduce any information security risks to acceptable level to ensure that Information Security controls are applied to all systems and IT processes
Maintain risk, issue and change registers for information security and ensure security controls are adequate in order to mitigate threats and ensure security risks are kept to an acceptable level through security incident management, audit and reporting

2.Security Programme Development:
Participate in the implementation, and monitoring of information systems security management plans in order to ensure alignment with the required standards

Recommend solutions for automating manual process in IS assurance function to improve efficiency and effectiveness

3.Identity and Access Management:
Conduct periodic system access reviews and make suggestions to the management on appropriate access privileges for staff on a business-need and need-to-know basis in order to ensure that the access privileges are kept up to date

4.Risk Mitigation:
Coordinate with IT and all business units and obtain regular follow-up of the open risk issues and ensure line managers are updated on the status of open risk issues to enable taking appropriate actions and to ensure compliance with standards such as PCI-DSS and ISO 27001
Assist the Senior Manager - IS Assurance in producing dashboards and reporting on the risk status in order to provide necessary support on reporting

5.General Information Security Activities:
Provide inputs and feedback to the Technology Security teams for updating and creating security baseline documents for systems such as firewalls, various operating systems and databases in order to provide relevant inputs from a security perspective
Monitor and report on security system and end-user activity audits in order to enable timely and necessary actions

6.Reporting and Communication:
Assist Senior Manager- IS Assurance in obtaining statistics with regards to the Information Security metrics and KRIs and collate risk status and related information periodically in order to generate KRI/KPI reports

7.Policies, Processes, Systems and Procedures:
Adhere to all relevant organisational and departmental policies, processes, standard operating procedures and instructions so that work is carried out to the required standard and in a consistent manner while delivering the required standard of service to customers and stakeholders

8.Self-Management:
Manage self in line with the bank\xe2\x80\x99s people management policies, procedures, processes and practices to ensure adherence and to maximise own contribution to business performance

9.Customer Service:
Demonstrate Our Promise and apply the ADCB Service Standards to deliver the bank\xe2\x80\x99s required levels of service in all internal and external customer interactions

Skills

EXPERIENCE, QUALIFICATIONS & COMPETENCIES:

Minimum Experience:
At least 8 years of experience in a banking industry or similar environment

Minimum Qualifications:
Bachelor\xe2\x80\x99s degree in Computer Science or equivalent, e.g. diploma

Professional Qualifications:
Professional Certifications such as CISSP, CISA, CISM

Knowledge and Skills:
Knowledge in information security, specifically in risk/vulnerability assessment, user access reviews, data classification and industry standard frameworks such as ISO 27001, PCI-DSS
Knowledge of security and networking products.
Knowledge of banking operations and related problems, i.e. software and database issues will be necessary in order to perform the role successfully
Awareness of application security requirements and techniques
Knowledge of enterprise security architecture design
Understanding of IP, TCP/IP, and other network administration protocols
Knowledge and ability to apply Risk Management techniques to security policy enforcement and compliance

\xd8\xad\xd9\x83\xd9\x88\xd9\x85\xd8\xa9 \xd8\xb1\xd8\xa3\xd8\xb3 \xd8\xa7\xd9\x84\xd8\xae\xd9\x8a\xd9\x85\xd8\xa9