Senior System Risk Officer

Job description / Role

Principal Duties and Responsibilities:
1- Assist the systems risk unit manager in the development and implementation of the IT Risk Management Framework.
2- Ensuring technology controls are sufficiently protecting business risk, through the application of the Technology Risk & Control framework.
3- Assess the various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk avoidance and mitigation.
4- Identifying risk associated with the use, ownership, operation, involvement, influence and adoption of IT in the organization.
5- Conduct in-depth information technology risk assessments including identifying and documenting controls, creating detailed process flows, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.
6- Track action steps and ensure that findings are mitigated appropriately and in a timely manner.
7- Conduct readiness reviews over large information technology development projects ensuing appropriate systems development lifecycle methodologies are being applied and followed.
8- Participating and providing IT risk related feedback and inputs during the selection of new technologies, products and vendors.
9- Review third party technology vendors and contracts to ensure appropriate controls are in place and functioning effectively.
10- Conduct risk assessment for IT projects and application selection.

Requirements

Qualification Requirements:

1- Hands on experience in application of the Technology Risk & Control framework.
2- Overall experience of 5 years at least in the related areas. Specifically experience in
a. Performing risk assessments, control testing/analysis of financial and e-commerce systems for at least 2 years
b. Performing risk assessments of new system or technology acquisition and various types of SDLC projects for at least 2 years
c. Analysis of incidents and system changes from risk perspective and related recommendations & reporting
d. Identifying key motivators for Risk Assessment needs
e. IT Asset classification, characterization and prioritization
f. Handling scheduled and unscheduled assignments
g. Preparation of IT Risk Management policies, procedures in compliance with regulatory needs and international best practices
h. Continuous risk monitoring of IT assets and reporting to System Risk manager
i. Communicating with various business and IT teams in order to discuss identified risks, finalize assessment reports and control recommendations
3- Good understanding of banking industry
4- Knowledge and understanding of technologies and systems used in the financial sector / banks
5- Knowledge of core banking systems, such as T24 and others.
6- Understanding of Information Security frameworks will be added advantage
7- Significant analytical and critical thinking skills.
8- An IT/Business graduate, related certifications CRISC, CISM, CISSP, CISA etc. will be a plus
9- Understanding of the COSO internal controls framework, ISO and ISACA’s IT Risk Management frameworks

About the Company

Saudi Networkers Services, incorporated in 2001 with an aim to provide the world class business and consulting services through a combination of market insight, technical excellence and unrivalled agile methodology.

Our success stems from building strong relationships and trusted partners, which enabled us delivering exceptional services to public sector, as well as some world's leading organizations, in Telecommunication, Information Technology, Cyber Security, Banking, Energy, Utilities and various other industry arenas.

We collaborate closely, ideate that how the work gets done, while working alongside businesses to collaborate on growth and applying breakthrough innovations, that drive exponential impact, managed by teams specialized in their assigned industry sectors.