To support Technology & Security Risk Management assessment activities, execute monitoring and reporting activities for Technology & Security Risks, Technology & Security Risk Management’s Risk Appetite Indicators (RAIs) and Key Risk Indicators(KRIs) covering the six domains of Technology Risk Management (Cyber Security, Information Security, IT Resilience and Continuity, IT 3rd Party, IT Project Execution and Technology Control Assurance) to ensure adequacy and robustness of Risk’s IMMMR (Identification, Measuring, Managing, Monitoring and Reporting).

Key Accountabilities:

1.      Identify areas of improvement and formulate possible solutions that ensure robustness of Technology & Security Risk Management Framework & Policy as well as all associated policies and procedures related to the six domains of the Technology & Security Risk Management as a governance activity in compliance with bank standards and regulations.

2.      Actively contribute with relevant departments to identify risk gaps and early warning signals for Technology & Security Risks that could arise from any change in systems, services, processes or procedures.

3.      Actively contribute in defining, maintaining and enriching Technology & Security Risk Managements’ Metrics, Taxonomy and Severity Scale as well as proficiently practice Technology & Security Risk Management techniques, methods and tools that were designed to ensure that all technology & security risks are adequately captured and managed. Moreover, prepare training materials and carry out communications activities in alignment with relevant stakeholders in order to improve mindset and knowledge.

4.      Aggregate all Technology & Security Risk Management’s information and activities across First and Second Lines of Defense, assist in root cause analysis for risks and maintain a proper and updated Technology Risk Management’s risk log including all residual and potential risks’ investigations and documentations to provide a standardized overview of technology risks.

5.      Execute monitoring activities for technology risks. Design trend analysis for technology & security risks and incident reporting as well as carryout and maintain Technology & Security Risk management dashboards and KPIs to be directed regularly to relevant Risk or Technology Committees, Senior Management and the Board of Directors in order to drive more informed decisions.

6.      Assist in reviewing the Risk Acceptance Forms (RAF) and Corrective Action Plan (CAP) related to Technology & Security Risk Management in cooperation with IT, Security & Resilience Management, Analytics & Data Management areas prior submitting to NFRCC, to ensure effective response to identified technology & security risks as well as ensure effective tracking for CAP progress, significant technology Risks’ status. 

7. Assist and support the first line of defense in defining granular list of Technology & Security Risk Management’s KRIs/RAIs and regularly scan KRIs/RAIs for new requirements and consolidate them in a comprehensive view, to provide indication of the risk appetite and tolerance through metric setting (KRI threshold) and to ensure the effective alignment of Technology & Security Risk Management strategy with the approved Risk & Business Strategies.

8. Perform independent assessment on controls defined and executed by first line of defense provide support in controls’ development to ensure that they are in place and meet defined policies.

9. Define control testing plans and monitoring control testing results to ensure the effectiveness of controls in preventing or detecting Technology & Security Risks.

10.   Assist, support & challenge from technical perspective the risk assessment activities, controls, mitigation plans and quality control activities implemented by first line of defense in Technology & Security Risk and Control Self-Assessments (Technology -RCSAs) to ensure adequacy and robustness of Technology Risk’s IMMMR.

11.Contribute in reviewing Technology & Security Risk Management’s memorandums submitted to BCOIT & NFRCC committees to highlight potential technology risks and improve more informed decisions