Technical Risk Assurance and Security Specialist

Job Description

JOB PURPOSE: The Technology Risk, Assurance, Resilience and Security is responsible to plan, monitor, manage and report technology risk and assurance management, quality, resilience and security practices in IMDT. Additionally, he is responsible for coordinating appropriate mitigation to address technology risks, quality issues and overseeing IsDB’s resilience capabilities and security governance are appropriate and managed. KEY RESPONSIBILITIES:

• Establishes and maintains the technology risk and assurance plans, framework, standards and supporting guidelines and processes to enable IsDB manage technology and information risks in adherence with the business strategy, maintaining adherence to IsDB Internal Audit and Risk Management Department frameworks and methodologies.

• Leads the performance of technology risk assessments to identify, assess, mitigate and manage technology-related risks; identifying risk themes to initiate appropriate projects.

• Oversees IMDT assurance plans and communicate them to concerned IMDT divisions.

• Ensures adherence with risk frameworks and methodologies defined by the Risk Management Department, with specific technology risk standards and procedures defined and maintained. Coordinates identifying critical control points and preventive measures.

• Leads, defines and maintains the IMDT control test framework across the scope of relevant IMDT processes, policies and standards; adopting a risk-based approach for the frequency and testing of controls.

• Manages IMDT control design and effectiveness testing across the key control objectives, identifies the outcomes and documents the impact of control weaknesses with remediation requirements.

• Leads and assesses the impact of IT-related legal and regulatory requirements on third-party contracts related to IT operations and service providers.

• Evaluates IMDT standards and processes to ensure adherence to applicable legal, regulatory and contractual requirements.

• Leads IMDT-wide quality assurance activities to ensure expectations are consistently achieved across IMDT responsibilities, and any issues are identified and resolved in a timely manner.

• Coordinates with the IT Strategy and Governance Manager during execution of any assurance initiative to identify compliance gaps and assists in defining corrective actions.

• Manages and carry out quality assurance and regulatory compliance audits. Monitors progression against action plans.

• Manages coordination of internal and external audit activities by liaising across IMDT to provide the appropriate access to the data and systems and where necessary, investigates the root cause of non-compliance.

• Manages and identifies recurring patterns of non-compliance, providing recommendations for technical / procedural solutions, enhancements, policy/standards improvements and other remediation requirements.
• Act as the reliable IT hygiene team member in early engagement in reviewing, validating, challenging the proposed MAPs for audit reports to ensure practicality of the proposed resolution actions to support clearing the audit observations, effective detailed implementation of MAPs, confirmation of implementation status, collecting evidence, prepare and updating performance dashboards on periodic basis of the audit observations.
• Reports audit and assurance plans execution progress or any obstacles periodically to Director IMDT and Divisions Managers.
• Identify areas where actions are required to enhance quality assurance standards and ensures issues and findings are immediately reported to relevant IMDT Divisions Managers.
• Oversees the implementation of processes, policies, procedures and controls covering all areas of IMDT department activities to ensure that all relevant procedural requirements are fulfilled while delivering an IT quality service.
• Manages and defines IsDB’s technology resilience capabilities across disaster recovery, backup and restoration, and IT crisis management; with appropriate standards, guidelines, and procedures for applications and infrastructure to ensure that systems can be reinstated in a timely and integral manner in the event of a disaster scenario.
• Coordinates with business continuity to identify disaster recovery requirements, risks, mitigation plans, and alignment; perform resilience test activities including drills, simulations, and table-top exercises and ensures findings are addressed on a timely basis.
• Manages and defines the information security policies, processes and procedures with collaboration with Risk Management Department and ensure the adherence to the policies across IT services.
• Manages and oversees the technology assurance, information security and resilience awareness initiatives within IMDT and IsDB.