The aim is to supervise and guarantee the implementation and embrace of the Cyber Risk framework throughout IsDB. This role involves wielding the authority of the second line of defense at a corporate level to handle cyber and information security risks.

The key tasks include overseeing the risks associated with IsDB's IT resources and information assets by formulating a cyber risk management framework, executing annual risk assessment plans, maintaining the IsDB cyber risk register, tracking the progress of risk mitigation plans, and ensuring the governance of risk management in the first line of defense.

Cyber and information risk governance

• Establish, update and maintain cyber risk management framework and associated artifacts.

• Ensure that risk management practices are executed as per the framework in the1st and 2nd lines of defenses.

• Oversee the risks identified by 1st line of defense and consolidate or update in IsDB cyber risk register.

Cyber Risk Management

• Identify and manage information security risks to achieve business objectives, through developing systematic, analytical, and continuous risk management processes to ensure that risk identification, analysis, and mitigation activities are integrated into projects and process life cycles.

Cyber Risk Monitoring

• Monitor the progress of risk mitigation plans listed in IsDB cybersecurity risk register, and verify the effectiveness of controls implemented as per risk mitigation plans.

2nd Line of Defense Governance

• Provide advisory inputs to 1st line of defense and IMDT about cyber security projects.

• Participate in reviewing cyber security artefacts.

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related discipline.

• 10 years of relevant post-qualification experience, with at least three (3) years of cyber risk management experience.

• 3 years of managerial / relevant supervisory experience is mandatory.

• Possession of security and risk certifications, such as CISSP, CISM, CISA, CRISC, etc., would be an advantage.

• Mixed managerial, analytical, and technical skills and knowledge in all aspects of computer security in multi-IT areas: database, development, network, operating systems, IT security, applications security, etc.

• Good understanding and writing skills of computer systems security strategies, policies, principles, procedures, and standards.

• Good technical knowledge and experience in Business Continuity Planning areas.

• Good understanding of Incident management and security related events and response processes.

• Good Knowledge of risk assessment processes

• Good understanding of 1SO27001-2, and current legal and regulatory requirements relating to information security and privacy

• English - Required

• Arabic - Preferred

• French - Preferred