Job description / Role
- Managing the Information Security Vulnerability assessment and risk mitigation process across the bank
- Define, enforce, monitor and update the Security Baseline standards for all key technologies
- Participate in the Change Approval Board (CAB) and review all Change requests from IT Security perspective to ensure the anticipated change does not have any negative impact on established IT security processes
- Track and Monitor all audit findings related to IT Security enabling the timely closure of such findings / closing gaps as agreed during audit closure meetings
- Track and monitor penetration testing and application security assessment findings/gaps, and ensure timely mitigation of such findings/gaps as agreed with the management
- Maintain and promptly update the Risk register pertaining to IT Security
- Maintain privilege access management process across the bank
- Assist Head of IT Security to maintain the security compliance related to regulatory, audit and certification standards including ISO 27001, NESA, Swift and PCI DSS
- Define, maintain and update the vulnerability management process
- Maintain Vulnerability status dashboard and Vulnerability mitigation tracker to ensure regular vulnerability assessments are conducted covering all key technology areas as per the established process
- Review, maintain and document compensating controls for high-risk vulnerabilities when there is no direct solution available to fix the vulnerability due to technology limitation or cost involvement
- Ensure security baseline documents are defined, communicated and updated covering critical IT assets including databases, network devices, servers and endpoints.
- Review all Change requests and service requests to ensure the anticipated change does not trigger new vulnerabilities / security process gaps
- Maintain audit tracker, conduct regular follow-up meetings with all stakeholders and ensure the closure of audit gaps within the agreed timelines.
- Ensure findings are not repeated in subsequent audits.
- Maintain application security and penetration testing status tracker and liaise with all stakeholders
- Review and update the risk register to ensure the most accurate risk posture is reflected at any given time.
- Manage privilege access management system and ensure all critical system access is made through the established process
- Coordinate Security compliance process covering regulatory, audit and certification standards including ISO 27001, NESA, Swift and PCI DSS.
- Maintain and update the status tracker related to each of the compliance domains mentioned above.
- A Bachelor's degree in Computer Science, Information Systems or equivalent work experience is required.
- CISA/CISM/CRISC/CISSP or a well-known, industry-relevant certification is preferable.
- Minimum 5 years in IT Security related work arena.
- Experience in computer security operations, policies/standards, and IT Vulnerability, threat & risk management.
- Knowledge of security frameworks, standards, and guidelines is preferred.
- Project Management experience.
- Excellent command of English, Arabic is a plus
- Planning and organizing skills
- Communications skills
- Problem solving skills
- Excellent Interpersonal relations skills
- Stakeholder Management
About the Company
In 1969, when we at Commercial Bank of Dubai started out, little did we know that sheer grit and determination would get us where we are today. An Emiri Decree issued by His Highness the Late Sheikh Rashid Bin Saeed Al Maktoum, the founder of modern Dubai, laid the cornerstone of Commercial Bank of Dubai. We started out as a joint venture of Commerzbank, Chase Manhattan Bank and Commercial Bank of Kuwait. A minority stake was held by a few UAE businessmen.
By 1982, little more than a decade later, we evolved into a National Public Shareholding company. A feat complemented by an exponential increase in the capital base and mammoth restructuring of our operations. The feather in the cap came when the Government of Dubai became a key shareholder.
Over the decades, we have transformed ourselves into a progressive and modern banking institution. We are supported by a sturdy financial base and reigned by a strong and stable management. The proof of which lies with our customers who have stood by us over the years.