Chief Information Security Officer and Executive Head Analytics - UAE National

JOB PURPOSE: To lead the development of information and physical security strategy for ADCB, overseeing its implementation, leading data driven insights and develop strategies for operational improvements and future business initiatives, incorporating the functional line of Data Management and all Risk Projects to ensure the security across information technology and business systems as well as governance of physical security

ACCOUNTABILITIES:

1.Strategy and Plans : In conjunction with, and as required by the Group Chief Risk Officer, contribute to the formulation, implementation and delivery of the Group’s strategy in line with the ADCB’s vision, mission, values and priorities

Translate the strategy into operational business plans for the short, medium and long term within the function and ensure that performance is monitored, reported and delivered and necessary actions are taken to achieve the strategy and plans

2. Information Risk Mitigation and Security Governance: 

Identify current and potential legal and regulatory issues affecting information security, monitoring the assessment of their impact on the Bank in order to recommend suitable action plans and enable informed decision making

Design, monitor, structure and implement information security governance structure reviewing and providing recommendations on correction actions in order to manage conformity and compliancy of security Bank wide and for security violations

Manage the testing plus review, challenging actives for security architecture in order to evaluate the security strengths and detect possible threats to IT systems

3. Data Governance and Data Privacy: 

Manage the monitoring of Data Privacy violations and root cause analysis, in order to aid the establishment of recommendations on corrective actions,

Manage the necessary standards guidelines and policies to ensure they are update to date and accurate to changes

Oversee the Bank wide strategy for data governance and the utilisation of data/information including the implementation of an infrastructure/framework/standards and governance protocols, the introduction of data quality controls/monitoring and regulatory reporting in order to enable data as an asset and driver of innovation whilst reducing information risk and ensuring regulatory compliance

4. Providing Advice and Guidance: 

Provide technical advice and guidance to all departments and Business Units across the Bank, with respect to information security/physical security and develop and administer awareness programmes for all employees in order to create a security and risk aware culture

Provide subject matter expertise, direction and support in the implementation of Bank wide strategic data related projects (including systems, frameworks and the conversion of non-digital data into digital data) to ensure implementation is in line with established governance programmes, data quality controls and meets regulatory requirements

5. Relationship Management: Manage key relationships with ADCB’s internal and external customers for information and physical security, data management and data privacy related work  to ensure that these relationships continuously serve the Bank’s best interests and support the achievement of the strategy

6. Reporting: Review all reports related to risk mitigation measures, data management, data privacy, data governance, information security breaches, physical security governance, management reports and dash-boards to ensure comprehensiveness, accuracy and compliance to policies and standards

7. Leadership: 

Manage employees and teams by overseeing their performance management, recruitment, learning and development to ensure high levels of engagement, and competence, a motivated work environment and to maximise employee contribution to business performance

Support Emiratization initiatives to ensure the achievement of ADCBs going growth plans

8. Change Management: Drive the management of change in the business area through direct reports and teams by providing inputs for, and partaking in change initiatives, programmes and projects taking into account best practice and standards in the business environment

9. Financial: Recommend and manage the budget for the business area and monitor financial performance so that the business is aware of anticipated costs and revenues, areas of unsatisfactory performance and improvement opportunities are identified and addressed to ensure the budget is managed in line with requirements

10. Policies, Processes, Systems and Procedures: Develop and oversee the creation and implementation of the required policies, procedures and controls covering all areas of the business area’s activity so that all relevant procedural/legislative requirements and standards are fulfilled while ensuring that ADCB delivers best-in-class services, products and innovation whilst safeguarding the Bank

11. Customer Service: Demonstrate Our Promise and apply the ADCB Service Standards to deliver the Bank’s required levels of service in all internal and external customer interactions

EXPERIENCE, QUALIFICATIONS & COMPETENCIES

Minimum Experience : At least 12 years of experience in information security, IT Audit, IT operations, data management, data privacy obligations and information risk assessment with a minimum of 5 years in a managerial role

Minimum Qualifications: Bachelor’s Degree in Information Technology Engineering, Computer Science Engineering or a relevant specialisation

Professional Qualifications: 

Certified Information Security Manager

Certified Information Systems Security Professional

Data Management/Data Privacy qualifications

Knowledge and Skills: 

Strong knowledge in Information Security, Cyber Security, Physical Security, Data Management and Data Privacy risk frameworks /principles

Reasonable legal background

Strong knowledge of banking including Islamic banking products and associated IT architecture

Ability to balance between compliance requirements and business needs

Excellent communication and presentation skills in expressing and articulating thoughts clearly and concisely

Sound Knowledge Regulatory requirements

Self-motivated

Flexible

Independent personality who is interested in the risk identification, risk assessment, risk treatments, controls, assurance and governance aspects of the Bank's activities

Ability to think outside box