What you will do
Strategic Contribution:
• Digital Risk Management: Lead the implementation of strategic initiatives and maintain a robust framework using industry standards (NIST, COBIT, ISO 27001) to mitigate cybersecurity threats and safeguard data.
• Utilize AI tools to enhance threat detection by analyzing large data sets, identifying patterns, anomalies, and potential security incidents in real-time.
• Compliance and Gap Assessment: Ensure adherence to evolving regulatory requirements and industry standards (ADHICS, NESA, PCI-DSS, ISO 27001, ISO 27701, ISO 22301, ISO 28000, SWIFT KYC), minimizing compliance risks.
• Vendor Risk Management: Develop and implement a comprehensive strategy to manage vendor-related risks aligned with the organization's risk appetite and business objectives.
Tactical Contribution:
• Digital Risk Management Policies: Develop and maintain policies outlining roles, responsibilities, and risk assessment methodologies tailored to the organization’s risk landscape and objectives.
• Cross-Functional Collaboration: Work with IT, compliance, legal, audit, and business teams for regular security and gap assessments, ensuring comprehensive risk management.
• AI Governance: Govern and guide the ethical and compliant development and deployment of AI technologies, ensuring they are secure and properly managed.
• Security Awareness Campaigns: Conduct awareness campaigns and simulated phishing exercises to promote a culture of security and test employees' susceptibility to phishing attacks, providing targeted training as needed.
Skills
Required Skills to be successful
• Strong expertise in configuring, customizing, and deploying Governance, Risk, and Compliance (GRC) tools.
• Experience with Information Security Management Systems (ISMS) and related frameworks (ISO 27001, COBIT, ITIL).
• Proficiency in conducting security risk assessments for AI systems and applications.
• In-depth knowledge of international cybersecurity standards (NESA, ADHICS, ISO 31000, ISO 28001, ISO 27005, ISO 20000, PCI-DSS).
• Ability to conduct comprehensive risk assessments covering financial, operational, strategic, and compliance risks.
• Experience in developing and implementing action plans to mitigate identified risks.
• Ability to analyze potential security risks and develop metrics and reporting frameworks for KPIs and KRIs.
What equips you for the role
• Bachelor's or Master's degree in IT, Computer Applications, or similar.
• Minimum 10 - 13 years of experience in Security Risk and Governance in a customer-facing capacity.
• Certified Information Systems Security Professional (CISSP) certification is mandatory.