Job Description
Job purpose / role:
To participate in the delivery of cyber security governance and to provide analytical reports of findings to all related parties. To periodically monitor and evaluate the progress of the implementation, performance and compliance of the cyber security controls. To develop, update and maintain cybersecurity policies and standards that support and align with Riyad Bank’s cybersecurity requirements. To support the execution of assessments and to identify compliance with set regulation standards.
Areas of responsibility:
Policies, Processes & Procedures
· Follows all relevant departmental policies, processes, standard operating procedures and instructions so that work is carried out in a controlled and consistent manner
Day-to-day operations
· Follows the day-to-day operations related to own job to ensure continuity of work
Cyber performance Analyst
· Develop and maintain cyber security KPI and KRI Methodology to monitor and track the performance and effectiveness of CIS controls in Riyad Bank environment.
· Determine cyber security project limitations and capabilities, performance requirements and interfaces.
· Assess the effectiveness and efficiency of instruction against different performance indicators.
· Monitor, track and define KPI/KRI and other performance indicators to all cyber security functions.
· Align all KPI/KRI with national and international regulations and ensure they address all their requirements.
· Ensure that all evidence needed to calculate the performance and measure the defined KPI/KRI is collected.
· Automate all indicator calculations and ensure they are effective.
· Maintain and suggest ways for better performance of the cyber security function in internal processes at Riyad Bank.
· Map KPI/KRI to related topics in the bank and ensure an effective way of measurement.
· Report all performance failures to management and provide a corrective plan for better performance.
· Periodically review the defined KPI/KRI and adjust them for better performance.
· Analyze and introduce solutions that would enhance the overall cyber security of Riyad Bank, according to the results of the Information Security Risk and cyber security compliance Assessment.
· Monitor new threats as they evolve and adjust risk management cyber security compliance plans as necessary
· Prepare the cyber security function status report for management and board level, including recommendations and corrective actions.
Cyber security policy management
· Develop and maintain cybersecurity policies and related documentation.
· Design and manage cybersecurity programs to assess an organization’s compliance with cyber security policies, standards and related laws and regulations.
· Develop specific cybersecurity countermeasures and risk mitigation strategies.
· Establish and maintain appropriate communication channels with stakeholders.
· Review existing and proposed policies and related documentation with stakeholders.
· Provide cybersecurity expertise on organizational and sectoral policy boards.
· Ensure that cybersecurity workforce management policies and processes comply with legal and regulatory requirements, frameworks and standards.
· Promote awareness of cyber policy as appropriate among Riyad Bank’s management.
· Interpret and apply applicable laws, statutes and regulatory documents to ensure they are reflected in the cybersecurity policies.
· Work with stakeholders to develop cybersecurity policies and associated documentation in alignment with Riyad Bank’s cybersecurity strategy.
· Align cybersecurity strategy with the bank’s business and strategy.
· Create and publish cybersecurity policy.
· Monitor how effectively cybersecurity policies, principles and practices are implemented in the delivery of planning and management services.
· Seek consensus on proposed cybersecurity policy changes from stakeholders.
· Provide policy guidance to cybersecurity management, staff and users.
· Review, conduct, or participate in audits of cyber programs and projects
· Provide cybersecurity advice and input for disaster recovery, contingency, and continuity of operations plans.
· Analyze and report on trends in the organization's security posture
· Prepare cyber security program status reports and communicate them to authorized parties.
· Record, track and monitor cybersecurity policy and cybersecurity standard exceptions and assess their effectiveness.
· Monitor and guide the business in the mitigation of information security risks and security non-compliance exceptions.
· Maintain all cyber security policy dashboards in all reports and ensure they reflect the correct status.
· Review, conduct, or participate in audits of cyber programs, cyber security controls and processes.
· Support CIS management in the formulation of cyber-related policies and standards.
· Review, conduct, or participate in audits of cyber security projects.
Continuous Improvement
· Contributes to the identification of opportunities for continuous improvement of processes and practices taking into account ‘international best practice’, improvement of business processes, cost reduction and productivity improvement
Reporting
· Assists in the preparation of timely and accurate reports of Riyad Bank to meet company and department requirements, policies and standards
Safety, Quality & Environment
· Complies with all relevant safety, quality and environmental management policies, procedures and controls to ensure a healthy and safe work environment
Related Assignments
· Performs other related duties or assignments as directed within the confines of the departmental roles and responsibilities.
Skills
· Advanced knowledge of cybersecurity governance concepts and functions.
· Excellent knowledge of cyber and information security concepts and functions.
· Advanced knowledge of banking BT systems and applications
· Advanced knowledge of the banking operations and requirements
· Advanced knowledge and understanding of information security and relevant tools and systems
· Advanced knowledge of the programming languages and systems used by the Bank
· Knowledge of the banking operations and requirements.
· Excellent knowledge and understanding of information security management and relevant tools and systems.
· Excellent knowledge of the SDLC/Agile process and components for cyber security.
· Knowledge of international and national laws, regulations and standards relating to cyber security.
· Excellent understanding of computer networking systems, database administration, and internet security.
· Excellent knowledge of cyber risks and threats that might impact financial organizations.
· The ability to communicate technological concepts to business professionals.
· Excellent analytical thinking skills and the ability to apply this thinking in a fast-paced environment.
· Excellent skills in reporting and related tools such as Excel, Access, PowerPoint, etc.
· Knowledge of vulnerabilities in applications and their likely impact.
· Knowledge of cybersecurity communication methods, principles and concepts that support the network infrastructure.
· Excellent communication, speech skills and public speaking.
· Able to understand the usage of cyber security tools and have knowledge sharing skills.
· Skill in creating and preparing reports and writing business requirements in terms of cyber security concepts.
· Ability to develop, update and maintain policy and related documentation to support business strategy and maintain compliance with legislative, regulatory and contractual obligations.
· Knowledge of Advanced Persistent Threat (APT) actors and associated tools, techniques, and procedures (TTPs)
· Knowledge of cyber threat intelligence analytic frameworks including Cyber Kill Chain and MITRE ATT&CK.
· Understand network security architecture concepts such as topology and protocols.
· Understand what constitutes network risk, cyberattacks, and the relationship between threats and vulnerabilities.
· In-depth experience in the following:
· Information Assurance
· Information Systems/Network Security
· Information Technology Assessment
· Cyber Security Laws and Regulations
· Risk Management
· Systems Testing and Evaluation
· Vulnerability Assessment
Job Details
Job Title
Head of Cyber Security Governance & IAM Unit
Job Location
Saudi Arabia
Job Role
Banking
Preferred Candidate
Career Level
Management