1.    Ensure proper security controls are enforced across the different systems based on the identified systems’ criticality.

2.            Review and recommend updates to the bank’s IT & Cyber security policy, relevant processes, procedures and guidelines.

3.            Participate in the security gap and threat assessments post globally/locally identified security incidents/threats and ensure the effective implementation of action plans with the relevant stakeholders.

4.            Support the implementation of the key strategic business initiatives and projects through following the secure software acquisition life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the acquisition of new systems and performing proper risk assessment prior to releasing new systems to production.

5.            Review new technologies and changes to existing technologies for vendor acquired solutions to ensure proper information security requirements/controls and compliance with relevant security policies and compliance mandates.

6.            Validate the security requirements to ensure the proper management of test data on development and test environments according to the set test data management strategy and in alignment with the developed security policies.

7.            Develop and maintain threat modelling strategy and procedures for the purpose of optimizing the infrastructure and network security through identifying clear objectives and developing countermeasures to prevent or mitigate the impacts of cybersecurity attacks/threats on the environment.

8.            Provide updates on the different Security KRIs, RAIs and RCSA and develop an action plan to mitigate those risks to be reported to the Security & Technology Risk Management Team for tracking.

9.            Conduct the different security assessments for vendors and third Parties providing critical services and engagements that involve access to or sharing of information, as per the respective policies and guidelines.

10.          Responsible for initial security risk assessment for any identified security risks across the organization and liaise with the security & technology risk management for final risk rating and reporting.

11.          Conduct the annual review and update of the area’s processes, procedures and recommend updates to relevant policies with the adherence to the developed SLAs.