Head of Service- Technology GRC- International Oversight

Join the UAE’s largest bank and one of the world’s largest and safest financial institutions. Our focus is to create value for our employees, customers, shareholders and communities to grow through differentiation, agility and innovation. We are looking for top talent and your success is our success. Accelerate your growth as you help us reach our goals and advance your career. Be ready to make your mark a top company, in an exciting & dynamic industry. 
 

Key Accountabilities:

Oversee the Tech-GRC domain for all international branches, reporting into the Head of Technology-GRC, and coordinating a team of regional managers to:

Governance

• Establish strong working relationships with international management and IT teams to ensure continuously improved Technology GRC practices.
• Ensure local branch IT operations and Tech-GRC practices and processes align with those of the Group.
• Create appropriate IT policy and process addenda where so required, incorporating local regulatory mandates.
• Establish and oversee IT-governance forums to ensure strategic, operational and risk alignment of international branches and Group.
• Provide sound IT-GRC advisory services to international teams, while demonstrating a strong understanding of various IT standards, frameworks and good practices.
• Establish checklists to carry out gap assessments of regional IT practices and controls against industry standards and IT-related regulations applicable to the financial sector.
• Define, monitor and report on IT-Risk & Governance KPIs and metrics in-line with IT objectives
• Ensure vendor agreements supporting international technology services are in line with Bank’s IT policies, processes and standard, and regulatory mandates.
• Conduct annual process maturity assessment and benchmark of international branches against industry standard
• Prepare regular dashboards and reports for various working group and committee meetings
• Demonstrate ability to manage stakeholders and a team remotely to drive prioritized results and transparency with regards to IT risk management and governance activities
• Facilitate external and regulatory audits and self-assessments.
• Regularly review local IT Service Level performance, collaborating with relevant teams on continuous improvement and annual refresh of SLAs Agreements.
• Facilitate and prepare for regular regional technology governance committees.
• Actively participate in relevant technology project committees to ensure adequate and timely governance and risk reviews
• Maintain oversight of regional IT Incidents, ensuring timely reporting to risk and management functions.

Risk Management and Control

• Understand the overall risk profile of international branches and ensure that the risks are managed and prioritized properly
• Act as a subject matter expert and create a first line of defence environment for the Bank’s International IT Operations with regards to IT risks and remediations.
• Support a culture of risk-awareness, transparency, integrity, and a platform of clear communication, escalation and trust.
• Ensure risk limit is in line with FAB risk appetite and compliance with Group ORM policy framework
• Identify all material risks, including the risks associated with new or complex products, vendors/partners and high risk activities.
• Facilitate and oversee the collaboration of international branches with regards to the planning and execution of risk control self-assessments.
• Facilitate the development and execution of the regional technology assurance framework and program
• Regularly evaluate IT risks, and maintain continued awareness of the business and risk profiles and changes in the operating environment and financial markets that may give rise to emerging risks.
• Any excesses or exceptions to risk limit should be reported promptly to the senior management and risk committee for necessary action
• Ensure completion and rectification of internal and external audit comments within target dates

• Assist in IT risk mitigation efforts, including the submission of relevant evidences to internal and external control/regulating bodies.
• Draft reports for an executive audience with regards to the mitigation, transfer and/or acceptance of IT risks.
• Provide accurate advice to executive management with regards to local regulatory risks and requirements, by indicating knowledge of local regulation and establishing strong rapport with local Compliance, Legal and Regulatory teams.

Cloud Management

• Ensure due diligence of international cloud service providers and oversee ongoing cloud service providers security assessments.
• Evaluate cloud solutions provided to international locations and determine risk of technology architecture, implementation, and suitability for the organization.
• Ensure cloud service providers contracts are compliant to Group policies/processes and relevant controls are considered in the contract with cloud service providers.
• Assess the risk implications of digital innovation and its impact on technology risk profile of the bank. Provide recommendations to optimize the risks and ensure technology policy and process alignment.
• Support and maintain risk assessment capabilities to review and assess digital business models end to end.
• Work with business and technology teams to better understand digital business risk and facilitate a balance between the need to protect the organization and the need to optimize customer experience.
• Conduct in-depth technical security reviews, risk assessments, and architecture reviews for Cloud based technologies and solutions to ensure alignment with information security policies and technology guidelines.
• Provide risk management guidance and advice to technology teams on cloud technologies and digital solutions

Leadership

• Support assigned team with their ongoing professional development through constructive and regular feedback
• Establish common reporting structures and formats across international regions
• Ensure assigned team workload is monitored for effective and time-efficient delivery and prioritization.
• Instil attention to detail to the deliverables of key stakeholders and team, while preparing deliverables, reports and communications appropriate to the targeted audience and stakeholders.
• Effectively and regularly align with key stakeholders across the international FAB circuit and Head Office.
• Establish clear targets and showcase continuous improvement through performance measurements.
• Foster a culture of knowledge-sharing, collaboration and personal accountability.

Key Performance Indicators:

• Adherence to Tech GRC budget targets
• Participation in relevant service line specific EA community sessions to address the GRC requirements
• Completion of Risk and Control Self-Assessments as per the agreed schedule
• Remediation of Technology GRC risk issues as per the established timelines
• Adequately monitor and supervise remediation of Technology Service Line risk issues as per the agreed timelines
• Ontime completion of KRI reporting and GORM incident management reports
• Completion of regulatory reporting activities as per the timelines
• Adherence to GRC automation initiatives implementation plans
• Ontime completion of mandatory trainings and meeting certification requirement
• Ensure external audit and regulatory certifications are completed on time without non-compliance (such as PCI DSS and NESA)
• Coordinate with service lines to gather RFI’s and management response for GIA (Group Internal Audit’s) on time.

Knowledge & Experience:

• 13 or more years of working experience in IT Security, Risk and Governance practices.
• 5+ years of experience working in leadership role IT Security, Risk and Governance
• Evidence of influencing senior stakeholders and dealing with external auditors and regulators
• Excellent interpersonal skills and good oral and written communication skills
• Good understanding of process models in ISO and industry standards relating to IT Security, Risk and Governance.
• Good understanding of security and risk management in financial institutions.
• Good understanding of innovations / trends in IT and fintech in particular
• Recent experience in the governance of agile and other digital/innovation ways of working
• Good experience of enforcing good governance across an outsourced IT resourcing model.
• Strong analytical capabilities and knowledge of related tools and processes.  Proven ability to handle volume detail and summarize effectively
• Excellent knowledge all aspects of technology: infrastructure; operations, security, development, change/transformation, support, innovation, vendor management etc., and banking related processes especially risk management. Should have demonstrable experience of working in the majority of these domains.
• Good understanding of technology processes across a full service IT organization. Should have demonstrable experience in these areas.
• Good understanding of banking related environments – especially around high availability, data confidentiality, security etc.
• Good understanding of project management to drive the team to deliver to objectives and to oversight the division’s change governance
• Good understanding of technology trends to keep the policies and procedures ahead of the curve
• Good knowledge in different IT process models (ITIL / ISO / COBIT etc.).
• High Performance attitude and track record to evidence
• Adequate forward planning and implementation of improvement initiatives
• Budget and cost management
• Utilization of resources – Effective utilization of staff to deliver planned and unplanned outcomes to agreed timelines
• User satisfaction – Feedback from business units and other IT teams on the collaborative support provided by the unit 
• Quality – Availability of record of activities carried out by the unit, in compliance with quality assurance requirements
• Risk management – Effective management of risks in the infrastructure operations
• Vendor management – Efficient use of outsourced vendor teams. Performance of vendors as per committed SLAs
• Staff development – Staff turnover, availability of skills, staff satisfaction, and talent management

Skills:

• Relationship and dispute management
• Leadership, team management and coaching skills
• Stakeholder and influencing skills
• Big picture thinker with attention to details
• Excellent interpersonal skills and good oral and written communication skills.
• Strong cultural change management skills
• Strong analytical skills
• Resource (time and people) management skills

#LI-KS1