Ref: LP085-393

Job description / Role

Employment: Full Time

Summary:
Technological innovation in recent years has increased the dependency of banks on the reliability and continuity of the systems supporting their business operations. IT systems play a critical role and have become an indispensable part of the whole business. With this change, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT in the bank for performing its core business activities has also increased, making Systems Risk Management one of the key functions required by SAMA.
The role of the Systems Risk Unit Manager is mainly associated with formulating, developing and implementing a comprehensive IT Risk Management framework, policies and procedures that assist in better identifying, assessing, managing and controlling the risk associated with the usage of technology. The role should provide tangible business benefits to the bank, such as mitigating operational surprises and failures, increasing information quality, building greater stakeholder confidence and reducing regulatory concerns through implementing the Risk Framework principles.

Principal Duties and Responsibilities:
• Setting and developing the function’s framework, policies, procedures and manuals.
• Developing and managing the implementation of a comprehensive IT Risk Management Framework.
• Managing and guiding the Systems Risk Team to ensure that technology controls are sufficiently protecting business risk.
• Driving the assessment of various information technology risks that the business faces in its operations.
• Owning the process and ensuring proper implementation of action plans, policy and procedural changes for risk avoidance and mitigation
• Defining a streamlined process and subsequently managing the execution of information technology risk assessments
• Supervise and lead readiness reviews over information technology development projects, ensuring appropriate systems development lifecycle methodologies are being applied and followed.
• Promote a risk aware culture by participating and providing IT risk related feedback and inputs during the selection of new technologies, products and vendors.
• Set risk assessment methodology for assessing all IT related projects/ applications.
• Coordinating with various departments and with business and technology heads to ensure their support and involvement.
• Develop/modify/enhance Bank Policy & Procedures to meet local business and regulatory requirements with regard to system risk management including the E-banking and any new regulations
• Act as the point of contact, and representative of the matters related to systems and IT risk.
• Ensure that consistency is in place between IT risk and Operational Risk Management Frameworks and measurement applications.
• Ensure and perform a comprehensive IT Risk analysis and Assessment for IT Department and Group level and E-banking products.
• Set up a process in coordination with Operational Risk for conducting the CRSA and findings actions.
• Develop Key Risk Indicators (KRIs) to measure IT risks and support overall risk management reporting.
• Comprehensive reporting and presentation of IT risk to Executive Management, compiling IT risk information as input into related committees.
• Support the maintenance and review of Business Continuity Plans (BCP) and the associated activities around Business Impact Analysis (BIA), BC plan creation, BC plan testing / exercises and crisis management planning.
• Review, recommend and take active part in the overall development, implementation and testing of Business Contingency Plan of the entire bank within the approved scope.
• Participate in the change management process for assessing the submitted changes.
• Review system change requests from the risk and process point of view for all created change requests.
• Coordinate with IT security and ensure systems accesses are granted consistent with the related procedure and with appropriate functionality.
• A focal point for all risk management change requests.

Requirements

Qualification Requirements:

• Good understanding of the banking industry with hands-on experience of working for local or international banks
• Good knowledge and understanding of technologies and systems used in the financial sector / banks
• Knowledge of core banking systems and the application architectures used in Banking environment
• Good knowledge of application of the Technology Risk & Control framework
• Significant analytical and critical thinking skills
• Practical knowledge of performing IT risk assessments and suggesting risk mitigation plans to business and IT
• Good understanding of Risk Management principles.
• Good time-management skills.
• Self-motivation and leadership attributes.
• In addition, winning commitment to the implementation and optimization of risk management policies is an integral part of the job, so the candidate must be comfortable negotiating with members of staff at both senior and executive level.

Education and Experience:

• 10-12 years of overall professional experience with a minimum of 5 years of experience working for banks
• A minimum 6-7 years of experience in Information Technology Risk Management or IT Audit
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• Minimum Bachelor's / Master's with majors in computer sciences and finance as a subject
• IT project management experience preferred (PMI / Prince2)
• IT Governance – COBIT Preferred
• Excellent verbal and written communication skills
• Bilingual (Preferred)

About the Company

Saudi Networkers Services was incorporated in 2001 with the aim of providing world-class business and consulting services through a combination of market insight, technical excellence and unrivalled agile methodology.

Our success stems from building strong relationships and trusted partners, which has enabled us to deliver exceptional services to the public sector, as well as to some of the world's leading organizations, in Telecommunication, Information Technology, Cyber Security, Banking, Energy, Utilities and various other industry arenas.

We collaborate closely and ideate on how the work gets done, working alongside businesses to collaborate on growth and applying breakthrough innovations that drive exponential impact, managed by teams specialized in their assigned industry sectors.
