Head of IS Compliance & Risk Management

Halian


Date: 2 days ago
City: Abu Dhabi
Contract type: Contractor
Job Title: Head of IS Compliance & Risk Management

Location: Abu Dhabi, United Arab Emirates

Employment Type: Contract

Role Purpose:

The purpose of this role is to ensure robust information security policies and risk oversight across the client and its subsidiaries. This includes managing activities associated with information security governance, risk management, and the development of IS policies by applying sound cybersecurity principles and practices.

Role Responsibilities:

Reporting to the Head of Information Security Governance & Risk Management, the incumbent is responsible for:

  • Leading and managing information security policy and governance practices across the Group, including frameworks, procedures, and subsidiary cybersecurity governance activities.
  • Overseeing the operations, performance, and budget of the Information Security Policy and Risk Management section.

Key Metrics:

  • Percentage of information security processes measured by optimized metrics (KRIs, KPIs, and maturity).
  • Percentage of policies developed or updated out of the total planned for development or update.
  • Percentage of completed risk assessments out of the total planned.
  • Percentage of required management reports (ad hoc or periodic) delivered compared to requests.

Key Accountabilities of the Role:

  • Provide expertise in information security policies, frameworks, risk management, and governance.
  • Manage the operations and performance of the Information Security Policy and Risk Management section to align with organizational requirements and strategic objectives.
  • Collaborate with heads and managers across the Group Information Security Department (GISD) to assess needs and gather input for policy development.
  • Design and implement the information security governance framework and oversee the development of policies, guidelines, and procedures.
  • Lead and manage risk management activities, including tool usage and follow-up on risk mitigation implementation, escalating unresolved risks to higher management as needed.
  • Ensure alignment of policies and frameworks with regulations such as PCI DSS, NESA, and Central Bank requirements, as well as security standards like NIST and ISO 27001.
  • Develop and manage cybersecurity policies, frameworks, processes, and metrics to report on effectiveness, suitability, and associated risks.
  • Manage information security committees and meetings as assigned.
  • Govern new technologies including cloud, AI, Big Data, and Blockchain in line with security policies.
  • Oversee data privacy governance and its integration into overall policies and frameworks.
  • Deliver initiatives to inventory and collect cybersecurity and privacy controls, establishing a control library with dependencies and assigned criticality based on risk appetite.
  • Ensure that risks are inventoried and issues are raised to develop a Cyber Risk profile at group, entity, and business line levels.
  • Periodically report on risks, issues, and policy control compliance, making improvements based on CISO feedback.
  • Ensure that cybersecurity controls stipulated in policies are continuously tested by GISD, focusing on key controls and priorities in the overall Enterprise Risk framework.

Specialist Skills / Technical Knowledge Required:

  • Excellent interpersonal, verbal, written, and presentation skills.
  • Expertise in information security processes, technologies, and solutions.
  • Strong knowledge of banking processes and operational practices.
  • Familiarity with GRC tools and other risk management and governance platforms.
  • Expertise in local and international information security standards, best practices, and regulations (e.g., ISO 27001, NESA, PCI DSS, SWIFT CSP, COBIT, NIST).
  • Experience in managing information security policies, frameworks, procedures, and governance models.
  • Good knowledge of data privacy governance and controls.
  • Bachelor’s degree; a master’s degree in engineering, IT, or a technical discipline is preferred.

Previous Experience:

  • 10-15 years of experience in information security, focusing on policy development, governance, compliance, frameworks, and risk management.
  • Strong experience in planning, budgeting, governance, assurance, compliance, and risk management in information security.
  • Proven executive experience, including management-level discussions and presentations.
