Role Summary:
The incumbent will manage and lead the risk assessment function in the IT Risk and Security team. The incumbent will have the primary responsibility of ensuring that Information Technology applications and infrastructure in the Group comply with IT Security Policies and Standards, any relevant regulatory requirements as well as industry best Cyber Security practices.
The incumbent will also be tasked with creating and leading a Red Team that will continuously assess the security of QNB.
This is a mixed role that requires a combination of team management and technical information security assessment skills.
Role Description:
Manage a team of experienced risk assessors.
Create and manage a Red Team in the department and take responsibility for service definition and delivery.
Customise and use established methodologies, conduct technical reviews and penetration testing activities of business applications and infrastructure projects, e.g. technical risk assessments of internet-facing applications, workstation and server build platforms, databases, networking, and virtualisation technologies.
Perform security risk assessments of QNB systems, assessing the effectiveness of the systems, the security architecture design, and compliance with IT security policies and relevant standards.
Provide subject matter expertise for the enhancement of network security posture of the organization.
Develop close relationships with senior IT and business stakeholders. Understand and manage their requirements for Group risk services.
Assist other teams in the Group Risk division with technical IT Security reviews and provide guidance as a subject matter expert for information security.
Provide ad-hoc consultancy on the risks of new technologies, coming up with potential solutions.
Plan and organise the work so that it is efficient and effective and allows service to be delivered promptly and reliably.
Identify opportunities and develop new ideas that will lead to improvements.
Adapt / change behaviour or plans to better achieve the target / objective.
Analyse a complex problem and identify potential solutions by exploring and analysing diverse alternatives, including, where applicable, risks and potential business impact.
Ability to make the right decisions based on the necessary information and to take measures accordingly.
Liaise with external consultants appointed from time to time to assess the adequacy and effectiveness of the Group’s information security efforts.
Set high targets / objectives for self and department. Is influential in reaching targets. Prefers to take the initiative rather than stay passive when events happen.
Committed to improving productivity. Unwilling to accept average performance. Tries to be above the requested performance.
Assess the effectiveness of the various information security systems and network topologies and evaluate security posture of QNBG.
Provide required support for enforcing the security policies of the organization.
Build and maintain strong and effective relationship with all other related departments and units to achieve the Group’s goals / objectives.
Keep Group Information Security Management apprised of the latest security trends and vulnerabilities.
Conduct performance reviews for subordinate staff and provide coaching and staff performance feedback.
Bachelor's or Master's degree, preferably in a scientific, computing, mathematical or engineering discipline, or equivalent experience.
Professional certification such as CISSP, CISM or CISA is mandatory.
Solid experience in undertaking technical security assessments of complex IT solutions including penetration testing and red team activities.
Possess an understanding of business processes and controls in all related operational areas.
Solid understanding of information security issues, best practices, and a working knowledge of IT systems.
Previous banking or Big 4 consultancy work experience is mandatory.
Strong knowledge of penetration testing tools and techniques of application and infrastructure components.
Strong knowledge of network topologies, logical access controls and firewalls technologies.
Strong knowledge of operating systems (Wintel, Solaris and Linux).
An understanding of, or experience in, identifying zero-day exploits.
Experience in assessing and designing multi-forest Active Directory domains.
Programming experience (ASP, PHP, C#, etc.).
Ability to work under pressure.
Strong client focus.