The incumbent will be primarily responsible for providing oversight, guidance and governance to the QNB Group Subsidiaries in all matters relating to the QNB Group IT Security.
In addition to direct responsibility for Subsidiaries the incumbent will also be coordinating with the Group Information
Lead in the implementation of the New QNB Group Information Security Framework (Polies, Procedures and standards) with the aim to improve the groups management of its Information Security
Increase the effectiveness of management’s oversight by creating a methodology and list of KPI / KRIs to monitor the effectiveness or controls and assess the security posture of the entities.
Provide inputs in the Information Security Department’s annual budgeting process.
Assist the Group Chief Information Security Officer in preparing the Information Security Strategy that reflects the Group’s tolerance for risk and present it to the GCRO for discussion / review.
Ensure that policies, procedures, directives and guidelines of Group Risk Committees are promptly disseminated to, and understood by, the concerned officers and staff in the various QNB International Units to ensure that the best interests of the Bank are protected, Risks are mitigated, efficiency of operations are enhanced, and / or financial losses are avoided, and for action by the units.
Distil insights and provide clarity on the top 10-15 most important or material Information Security Risks to support risk-
informed decisions at the executive committee level, ensure a risk dialogue among the management team, and enable proper risk oversight by the board
Promote a strong control culture and general awareness of risk management across the business.
Build and maintain strong and effective relationship with all senior management in Business and Support departments and units to achieve the Group’s goals / objectives.
Build and maintain strong and effective relationship with all relevant stakeholders in Subsidiaries and International branches to achieve the Group’s goals / objectives.
Provide timely and accurate information to the external and internal auditors and the Compliance function as and when required.
Ensure the pro-active participation and support of QNB International Units in the preparation / updating of policies, procedures and guidelines.
Ensure that the information security framework is well embedded across the business and functions to ensure transparency of risks, issues and events.
Regularly contribute presentations to governance committees ensuring the Information Security profile is clearly reported and understood.
Consolidate portfolio management data / other MIS information received from the other Information Security sub-functions.
Produce adequate and accurate reports pertaining to Information Security and disseminate the same to the concerned business units / senior management for their consideration / action.
Stay updated with the relevant best practice pronouncements pertaining to Information Security and work towards instilling the same within the Group’s Information Security practices.
Develop / finalize and report on the Key Risk Indicators (KRIs) established for each of the Subsidiaries and International Branches.
Carry out appropriate on-going evaluation of all systems, processes and infrastructure, to ensure policies, processes and standards are in place to identify, assess, measure, manage and report Information Security’s, including identification of the Subsidiaries systemic Information Security.
Escalate relevant Information Security reporting / issues as requested by the Group Chief Information Security Officer to include and comply with all internal and / or external requirements.
Assist in the delivery of other projects as mandated by the Group Chief Information Security Officer
Bachelor degree preferably in information technology or related subjects.
Professional certifications such as CISM, CISSP is mandatory.
Minimum of 12 years’ experience in a major International bank of which at least 4 years in a management position in Information Security department
Ideally a mix of both 1st, 2nd and 3rd line experience
Excellent oral and written communication skills in English
General knowledge of regulatory, political, reputational and environmental risk issues that would impact a complex financial services entity.
Proficiency in risk concepts, banking products / operations / systems, pertinent regulatory requirements.
In-depth understanding of Information Security methodologies.
Self-motivated, eye for detail.