VP, Information Security

Full time at Client of GulfBankers in Saudi Arabia
Published on April 25, 2024

Job details

Job Description
The selected candidate will assist the Country CRO in building the newly established unit and is expected to harness a strong risk governance framework covering KSA. The candidate is responsible for the development, implementation, management and assurance of the group-wide information security & governance in order to facilitate secure and effective banking operations while mitigating risks and ensuring compliance. In doing this, he/she will work closely with the Group Risk Management units to ensure the Group methodologies, policies and procedures are established in KSA. Additionally, the candidate will build, produce and regularly update the risk report suite to ensure consistency and compliance with the bank's risk tolerance.

Key Accountabilities

Governance
  • In conjunction with, and as required by, the Country Chief Risk Officer, manage the Information Security & Business Continuity framework for Country and Group Risk & Compliance Committee.
  • Provide regular reports to the Country CRO on the location's risk profile with mitigation plans. Assist the Country CRO & Committees in taking appropriate decisions to manage the risk profile within the set appetite.

Strategy Development and Implementation
  • Assist the Country Chief Risk Officer in formulation, implementation and delivery of the Franchise in KSA's risk strategy in line with the vision, mission, values and priorities.
  • Maintain, execute and continuously improve the Franchise in KSA's risk management strategy, frameworks and tolerances to assess and mitigate the risk and to ensure the region operates within its pre-defined risk appetite, aligned to the group's risk & business strategy.

Budgeting and Financial Performance
  • Manage the preparation of the department budget and monitor financial & risk performance versus the budget while ensuring all departmental activities are conducted in line with the approved guidelines.

Policies, Systems, Processes & Procedures
  • Assist in the development and effective implementation of risk policies (Information Security, Business Continuity), procedures and controls covering all areas of the assigned Franchise in KSA so that all relevant procedural/legislative requirements are fulfilled while delivering a quality, cost-effective service.
  • Contribute to the development of a risk culture within the assigned Franchise in KSA to drive heightened awareness and understanding of prudent risk management practices; work with other risk teams on technical aspects so that key stakeholders are equipped with the necessary knowledge and capability to take risk-based decisions on behalf of the Group.

Risk Management Framework
  • Assist the Country CRO in implementation of risk management systems, policies, procedures and reports for Information Security & Business Continuity in partnership with Group Risk heads.
  • Assist in the development, implementation and maintenance of Information Security (IS) plans, including programs, systems and standards relating to information security, in order to mitigate risk and ensure the full protection and integrity of the assets concerned, including institutional memory and data.
  • Develop a comprehensive Risk Review mechanism for information security policies & procedures to assure consistency, comprehensiveness and adequacy, to enable an effective information security risk management process, and to ensure that they are adjusted as appropriate to reflect changes in the risk profile and market dynamics.
  • Develop & maintain security assessment methodologies for IT infrastructure changes in line with the bank's information security policy, PCI DSS requirements, industry standards and other regulatory requirements.

Information Risk Assessment and Management
  • Manage the data classification and risk categorization of information assets in coordination with respective business/information owners, in order to enable the identification, analysis and mitigation of risk in information technology and business systems.
  • Conduct risk assessments and penetration tests to identify current and future security vulnerabilities and flaws in information systems, determine the management-approved level of risk, and work closely with relevant teams to prepare and maintain action plans to mitigate issues/IS risks.
  • Identify current and potential legal and regulatory issues affecting information security and monitor the assessment of their impact on the organization, in order to recommend suitable action plans and enable informed decision making.
  • Design and ensure implementation of a governance structure for information security to manage conformity and compliance with security KSA-wide.

Security Assurance
  • Manage the monitoring of information security violations, review and provide recommendations on corrective action in order to ensure adequate information security in compliance with the necessary standards, guidelines and policies.

Data Privacy
  • Develop data privacy strategies.
  • Act as the primary point of contact within KSA for members of staff, regulators, and any relevant public bodies on issues related to data protection when needed.
  • Ensure the policies and procedures are in accordance with the Personal Data Privacy Law (PDPL) and codes of practice.
  • Evaluate the existing data privacy controls, identify areas of non-compliance or partial compliance, and rectify any issues in consultation with key stakeholders.
  • Inform and advise the Data Controller or Data Processor on all matters related to data privacy.
  • Promote a culture of data privacy compliance across all units of the organization.

Change Management
  • Participate in management of change through continuous improvement of functional systems, processes and practices, considering global standards and changes in the business environment which demand proactive action plans.

Relationship Management
  • Maintain effective business relationships with all relevant external/internal entities (such as government authorities, other financial institutions, key stakeholders etc.) and all sections with the highest standards of business ethics, whilst promptly attending to all critical issues in order to ensure the services required by the organisation are delivered in the most effective manner.

Minimum Qualification
  • Bachelor's degree in IT or related discipline.
  • Master's degree in Business Administration, or a related discipline, is preferred.
  • Certification in related disciplines is preferred.

Minimum Experience
  • 10+ years relevant experience in the banking sector with at least 4 years in similar positions of progressively increasing managerial responsibilities in the Information Security & Business Continuity management function.

Company Industry

  • Recruitment
  • Placement Firm
  • Executive Search
Department / Functional Area
  • IT Software
Keywords
  • VP
  • Information Security