Executive Manager - Information Security Assurance (Al Hilal)

Embark on a journey where your unique contributions are celebrated, and your professional growth is embraced. At ADCB, we nurture a diverse, inclusive community where every voice is valued.About the business area - Group Risk Management Al Hilal prioritises a disciplined approach to risk, recognising its fundamental importance to the Bank’s long-term organisational and financial resilience. Group Risk Management oversees the implementation of Al Hilal's risk objectives, identifying and addressing gaps in the bank's risk infrastructure/framework. Their responsibilities include nurturing the independence of the risk function, establishing provisioning policies, and introducing changes to energise risk awareness among front office personnel and decision-makers. Continuously tuning the risk organisation in line with market best practices, they manage Al Hilal's portfolio and associated risks to international standards, while establishing a clear risk culture across all areas of operation.In this role, your key responsibilities include:The purpose of this assurance job is to evaluate cyber risks across AHB’s information processed/stored by it’s IT applications and infrastructure hosted in on-premise and cloud environments and its 3rd party service providers in accordance with AHB’s cyber security policies and applicable regulatory requirements.Visualize, articulate, and set the strategy to address the changing landscape of digital cyber security (on premises and on cloud) by leading the team in developing an active approach to managing the ASSURANCE of cyber risks in a digital bank.Articulate gross and residual cyber risks and complex technology solutions and processes to non-technical stakeholders.Provides periodic updates to the senior management/stakeholders on relevant matters to ensure they are updated on cybersecurity assurance matters.Report any potential or actual risks or incidents affecting the security of information to the helpdesk.Set the strategy of cyber security assurances of AHB’s and 3rd parties IT environments (on premises and on cloud), including the security risk assessment methodology, security threat database, risks and controls register to accommodate the continuous technical/business changes of the organisation as a digital bank.Direct the team to create a pro-active plan of comprehensive reviews of changes and testing methodologies of AHB’s digital platform in cloud and its legacy applications hosted in on-premise datacentres and provide recommendations for secure implementation. This will include penetration testing of Web Applications, Mobile Applications, Micro-services and its API-Endpoints and various infrastructure solutions.Prepare and maintain information security risk assessment methodology, security threat database, risks and controls register to accommodate the continuous technical/business changes of the organisationPlan and conduct periodic Security Risk Assessments of Applications and Infrastructure solutions deployed in on-premise data centre and cloud environments.Plan and conduct Security Risk Assessments of third parties offering services using on-premise and/or cloud environment.Prepare and communicate periodic and adhoc security risk reports, heat maps and dashboards to the relevant stakeholders as requiredProvide security consultation to the relevant stakeholders to mitigate the reported risks and track the status of reported risksPlan and conduct periodic security architecture of IT applications and solutions hosted in on-premise datacentre and cloud environmentsConduct security review of changes to AHB’s digital platform in cloud and its legacy applications hosted in on-premise datacentres and provide recommendations for secure implementationDevelop and maintain application security testing methodologies to be followed for on-premise and cloud based applications in all phases of software development life cycle including testing methods to be used in IDE, CICD pipeline, DAST of components and penetration testing of entire solution.Plan and oversee white box security testing of IT applications and Infrastructure hosted in on-premise datacentre and cloud environments. This will include but not limited to the penetration testing of Web Applications, Mobile Applications, Micro-services and its API-Endpoints and various infrastructure solutionsOversees the tracking and closure security risk assessment and penetration testing findings assigned to technology teamsOversees the tracking and closure of findings from internal and external Audits related to Information Security Risk and penetration testing domainsDevelops and coaches the team to work as facilitators and reviewers for the risk map and business continuity plans.Keeps abreast with developments and changes in regulatory requirements in order to implement these changes within AHB and ensure compliance.The ideal candidate should have the following experienceBachelor's Degree in Information Technology, Computer Science or similarCandidates with one or more of the following professional certifications in cyber security/ information security risk / cloud security like CISSP, CISM, CRISC, CCSP, CISA, Digital Risks Management - DIGR, Azure Security- AZ 500, IT Projects Management – PMP,Minimum of 12 years of enterprise cybersecurity or relevant technology/risk management experience including 5+ years cloud security experience, and experience in digital transformation projects or a digital bank and experience in managing people and presenting strategy to senior management.Information Security ArchitectureInformation Security Controls AdministrationInformation Security GovernanceIT Security Problem & Incident ManagementDisaster Recovery & Business Continuity PlanningRisk Regulation and ComplianceDigital processing and digital operationsWhat we offer:Competitive Salary & Additionally, all employees are eligible to participate in one of our rewarding variable pay plans.Comprehensive Benefits Package: This includes market-leading medical insurance, group life and personal accident insurance, paid leave and leave airfare, employee preferential rates on loans and finance facilities, staff discounts and offers, and children education assistance (for certain job levels).Flexible and Remote Working Options: We understand the importance of work-life balance and offer flexible working arrangements, subject to eligibility and job requirements.Learning and Development Opportunities: We value and facilitate continuous learning and personal development through a variety of exciting learning opportunities, such as structured instructor-led courses, a comprehensive e-learning catalog, on-the-job training, and professional development programs.At ADCB, we are dedicated to creating a respectful, caring and disciplined work environment that aligns with your career ambitions.