Principal Analyst - MENA
Job Description
The selected candidate will assist the Head of International IT Risk & Governance to:
- Roll out and regularly review applicability of IT Governance framework, policies and processes across international locations
- Provide end-to-end guidance to international teams and coordinate across local/HO teams to respond to and address audit findings in a timely manner, while checking the factual accuracy and completeness of evidence and action plans
- Monitor the timely and appropriate remediation of IT risks and issues
- Provide IT-Risk & Governance oversight across a number of international locations.
- Prepare monthly reports covering IT-risk findings and KPIs across International locations, which will be communicated with Senior/Executive Management, while tracking related actions and decisions.
- Create IT Control Governance & Compliance self-assessment checklists, share with International IT-teams, and regularly track related results and trends.
- Ensure that appropriate risk inputs are shared in a timely manner with relevant parties when drafting Risk Acceptance Forms, Project Business Cases and Plans etc.
Governance
- IT Policy and process design, development, implementation and custodianship in line with FAB Group policies and regulatory requirements.
- Drive the annual applicability, regulatory coverage and compliance review of IT policies, processes and frameworks across the international locations
- Conduct management review meetings for IT processes
- Have a thorough understanding of various IT standards, frameworks and good practices such as COBIT, ITIL, ISO 20K, CMMI, PMBOK, etc.
- Establish checklists to carry out gap assessments of regional IT practices and controls against industry standards and IT-related regulations applicable to the financial sector.
- Define, monitor and report on IT-Risk & Governance KPIs and metrics in-line with IT objectives
- Ensure vendor agreements are in line with the Bank's IT policies, processes and standards.
- Conduct annual process maturity assessments and benchmark against industry standards
- Prepare regular dashboards and reports for various working group and committee meetings
- Support vendor management and procurement processes to ensure compliance with IT policies/processes and regulatory requirements.
- Demonstrate ability to manage stakeholders and ensure results remotely with regards to IT risk management and governance activities
- Facilitation of external and regulatory audits and self-assessments.
- Regular review of local IT Service Level performance, collaborating with relevant teams on continuous improvement and annual refresh of Service Level Agreements (SLAs).
- Facilitation of regular regional technology governance committees.
- Actively participate in relevant technology project committees to ensure adequate and timely governance and risk reviews
Risk management and control
- Understand the overall risk profile and ensure that the risks are managed and prioritized properly
- Act as a subject matter expert and create a first line of defense environment for the Bank's International IT Operations with regards to IT risks and remediations.
- Support a culture of risk-awareness, transparency, integrity, and a platform of clear communication, escalation and trust.
- Ensure risk limit is in line with FAB risk appetite and compliance with Group ORM policy framework
- Identify all material risks, including the risks associated with new or complex products, vendors/partners and high risk activities.
- Facilitate and manage regional technology risk control self assessments.
- Facilitate the development and execution of the regional technology assurance framework and program
- Evaluate regularly the risks, and maintain continued awareness of the business and risk profiles and changes in the operating environment and financial markets that may give rise to emerging risks.
- Set up effective controls to ensure the integrity of business overall risk management process
- Any excesses or exceptions to risk limit should be reported promptly to the senior management and risk committee for necessary action
- Ensure completion and rectification of internal and external audit comments within target dates
- Build a risk-based culture with discipline and accountability
- Assist in IT risk mitigation efforts, including the submission of relevant evidence to internal and external control/regulating bodies.
- Draft reports for an executive audience with regards to the mitigation, transfer and/or acceptance of IT risks.
- Provide accurate advice to executive management with regards to local regulatory risks and requirements, by indicating knowledge of local regulation and establishing strong rapport with local Compliance, Legal and Regulatory teams.
Qualifications
Minimum Qualification
- Bachelor's degree, preferably in Information Technology, Engineering/Computing
- Professional IT Service Management Certification – E.g. ITIL v3 Expert, ISO20000 LA
- Professional IT Audit Certification – E.g. CISA, ISO 20000 LA/LI, 27000 LA/LI
- Professional IT-Governance Certification – E.g. COBIT5 Implementer, ISO like CISA and COBIT5 implementer
Minimum Experience
- 8-10 years relevant experience in the banking sector
- Strong track record in IT Assurance, IT Audit, IT Process Management
- Experience with banking and privacy regulation
Skills
- Strong stakeholder management skills
- Strong analytical skills with attention to detail
- Strong time and people management skills
Job Details
Employment Types: Full time
Industry: Other
Function: IT
Roles: Software Engineer / Programmer