Senior Manager - Technology Regulations and Business Management - The purpose of the role is to support the organization (Group IT) in its Group-wide regulatory compliance management, security culture, Enterprise Technology Risk (audit & operational risk) and governance activities. The role also contributes to the development, implementation, and maintenance of ENBD's standards, framework and processes related to regulatory compliance, awareness, and enterprise technology risk (audit & OpsRisk) across the Group and the regions in which we operate.
This unit is responsible for facilitating the analysis, preparing the mitigation plans, tracking variances and periodically following through to reduce the backlog, and presenting the Enterprise Technology Risk updates (audit & OpsRisk) and regulatory compliance levels of the Group across the organization. This unit also ensures that best practices and benchmarks are applied to maintain better adherence, in pursuit of the objectives of a global technology leader.
Key Responsibilities:
- Facilitate the management of regulatory compliance and ensure that the organization complies with relevant laws and regulations related to cybersecurity, privacy, and outsourcing. Ensure that all regulations are tracked and updated.
- Facilitate the management of security culture across the Group and promote security awareness with continuous improvement as per the KPIs / KRIs
- Facilitate the governance of the technology risk registers and highlight the risks and the business impact to relevant stakeholders, whilst proactively identifying security deficiencies or opportunities for improvement through the development of pragmatic solutions.
- Facilitate both internal and external audits and track them for closure with corrective actions in place - acting as a single point of contact and building reports and updates periodically.
- Liaise with regulatory bodies to collect requirements and meet their various standards related to cybersecurity and technology.
- Facilitate cohesiveness in bridging the gap between audit, risk, and regulatory compliance activities within Group Information Security by enabling a single pane of glass of all related issues and gaps.
- Contribute to the definition of the team's vision and play a key role in the implementation of strategic plans related to Enterprise Technology Risk (audit, risk) and regulatory compliance for the organization.
- Manage the governance of the IT Threat Register / Audit Register and highlight the risks and the business impact to relevant stakeholders.
- Develop and implement Enterprise Technology Risk (audit, risk) and regulatory compliance frameworks for the strategic positioning of the process.
- Collaborate with Internal Audit to conduct IT audits in a timely manner, ensure open issues are rectified as per agreed action timelines, and report any non-compliance to senior stakeholders.
- Collaborate with external auditors to ensure IT audits are performed in a systematic manner.
- Present the outcome as a summary of pending audit / risk / regulatory compliance issues to senior management on a regular basis.
- Act as the single point of contact for all external audits, coordinating the efforts and measures needed to drive the audit.
- Ensure policies, standards and procedures undergo internal quality checks, and manage the lifecycle of the related documents.
- She / he will also lead the team to align with business stakeholders on possible ways to meet security challenges and promote security awareness & security culture across the organization, creating a culture of business security champions to develop awareness across the organization. She / he ensures early involvement of security in business projects to avoid unnecessary rework or delays.
- Manage the various regional regulatory frameworks and data privacy standards, which the Group must adhere to such as UAE NESA, TRM, SAMA CSF, RBI Guidelines, PCI DSS, SWIFT etc.
- Translate regulatory requirements into the business outcomes required for the data security and privacy programs.
- Support the team with enhancements in the areas of regulatory compliance management automation and security culture initiatives.
Key Requirements:
- IT Service Management, Enterprise Risk Management, audit methodologies, regulatory compliance management / frameworks / security culture.
- University degree or equivalent work experience required. Master's degree in Business Management or equivalent desired.
- 8+ years' experience in the Information Security domain, of which at least 3 years in the financial industry.
- Business acumen: 3 years' experience understanding the financial industry, technologies and specific operations that relate to banking & finance.
- ISO 27001 Lead Implementer / Auditor
- ISO 20000
- ITIL Foundation
- CISA
- CRISC / CISM / CISSP
- CIPP / CIPM / CIPT
- Technical background covering heterogeneous technologies and multiple security domains.
- Competence in the use / customization of GRC tools.
- Knowledge of security controls, typical pitfalls and the measures required for security compliance.
- Deep experience of the current, new and emerging technology backbone and available technologies within the security space.
Skills Required:
IT Service Management, CISA, Security Controls, ITIL Foundation, CIPP, CISSP, ISO 20000, Enterprise Risk Management, CRISC, CISM