Technology Risk Manager
Banque Saudi Fransi
Total years of experience :14 years, 4 Months
Assist to establish and review the technology risk management policy, mechanism and tools of the Group with reference to Head Office and regulatory requirements.
Assist and monitor first line of defense in applying technology risk management tools in identifying, assessing, monitoring and controlling technology risk, and provide guidance on necessary mitigation measures.
Assess the adequacy and effectiveness of the controls from technology risk perspectives during due diligence of new products/ service propositions and, provide advisory and recommendation on new technology solution of IT initiatives.
Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address the control weakness, and monitor the implementation progress of the remedial action(s).
Collation and compilation of Key Risk Indicators (KRIs) for Technology Risk Reporting. Perform analysis of the KRIs to identify emerging risk trends, recommend actions to address the risk,
and track the actions to completion.
Facilitate completion of Risk Control Self-Assessment (RCSA) and Technology Regulatory Self-Assessment (TRSA) attestations across Technology. Support in the performance of risk assessments with stakeholders. Monitor Technology performance in risk including tracking of resolution of issues and breaches, operational risk incidents, and inspection issues.
Perform continuous risk assessments of the Technology environment to ensure that the design of controls is in-place and operating efficiently and effectively. Perform thematic reviews via key controls testing to enhance operational effectiveness and efficiency in Technology operations processes and procedures.
Advise Executive Risk Committee/Technology Risk Management Committee on status of action plans, risk monitoring and the outcome of risk assessment.
Assist to prepare regular management reports on technology risk status of the Group.
Designing and implementing an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur.
Performing a risk assessment: Analyzing current risks and identifying potential risks that are affecting the Riyadh Bank.
Review and Evaluate Privileged access requested by Management and Periodic reviews of exceptional access to get re certified from Functional owners.
Demonstrates proven expertise and success in a role leading and collaborating, directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation.
Performing a risk evaluation: Evaluating the Riyadh Bank previous handling of risks and comparing potential risks with criteria set out by the company such as costs and legal requirements.
Review applications, systems, tools, and infrastructure for risk identification, applications, systems, tools, and infrastructure for risk identification, assessment, evaluation, control monitoring and testing.
Develop IT Risk Management program inclusive of education, procedures, risk register maintenance, action plans and management reporting to ensure projects and management reporting to ensure project.
Risk Assessment with control and security techniques involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management.
Responsible to build effective relationships and communications with cross functional teams including key stakeholder groups and Manage issues, track remediation and register risks in partnership with the business units and ISRM.
Upon introduction of new application, network, or hardware solutions to the Riyadh Bank environment, executes a risk assessment of the solution to ensure the continuity of system security.
Perform Information Security risk assessments and assist as the internal auditor for Information Security processes.
Develop, update and review Information Security policies, standards, procedures and guidelines
Develop and Implement Cyber & Information Security Risk Assessment Framework.
IT Governance: Writing policies and processes, Defining and Measuring KPI’s, Process audits, Establish Improvement plan, managing vendors (Vendor Management) via Service Level Agreements (SLA) and managing Internal stakeholders via Operational level agreements (OLA).
IT Process Automation: Building strategy for automation via RPA’s and Orchestration.
Determining and recommending the improvements to enterprise risk management controls.
Performed assessment of IT internal controls as part of the compliance and operational audits.
Conduct audit for information security incident management, Business continuity management and security compliance.
Identified and communicated audit findings to senior management and higher Management.
Performed assessments of application controls and IT general controls such as access control, change management, operations, disaster recovery and job scheduling.
Supported the development, implementation, and monitoring of data confidentiality, system integrity, system reliability, recovery methods and procedures.
Reviewed SDLC, designed, and implementation of process and automated controls, data created final audit reports and oversaw the implementation of creative action plans while maintaining communication with all levels of management.
Network Engineer | Reported to Manager MSS CNOC
Responsible for the provisioning of new circuits and services along with the implementation of configuration changes.
• Ensure implementation and adherence to the problem escalation procedures to coordinate maintenance of the identified network fault.
• Monitor SLA’s for both customers & contra
actors and escalate whenever the SLA is breached.
• Isolate problem trends and ensures that troubleshooting efforts are completed for recurring problems until permanent solutions are found.
• Responsible for Incident Management and troubleshooting routing protocols such as Static, RIP, OSPF, EIGRP and BGP.
• Configuration of Cisco1841, 1921, 2811, 3825 routers as CE for different L3-IPVPN and ILL customers.
• Execution of changes based on change request from customer.
• Proactive monitoring using HP Open View, HP Network Node Manager (NNM9i) and troubleshooting L2 and L3 IPVPNs incidents as per the agreed SLA.
• Opening and assigning trouble tickets to the concerned team using HP Service Manager.
• Coordinate with the concern department to add the device in OVPI to generate the device availability & Interface BW utilization report.
• Owned execution of IT Projects on diverse themes ranging from Network cabling, Routing, Switching, Server, CCTV, Firewall, Access control, Audio Visual.
• Managing and expanding Local Area Networks ‐ Head Office (Dubai) & regional offices.
• Managing & configuring wide Area Networks ‐ Corporate Data Network.
• Maintenance of IP Schemes (UAE plus KSA, Oman, Qatar, Bahrain, WAN, LAN, Wi-Fi).
• Involved in handling installation, configuration, up-gradation, hardening and troubleshooting of Firewalls, Switches, and Routers.
• Managing the five-members team to help them technically and advising them for process.
• Monitored LAN, MPLS & VPN link and troubleshot ISPs for issues.
• Planning, configuring and managing the Security policies with Cisco ASA.
• Performing and Implementing Network Link upgrades and migration with ISPs.
• Technical Team Member for the designing, implementation, integration and migration of PICIC and PICIC Commercial Bank Redesigning of IP Core Network and implement VLan's using Cisco Nexus 5000 and 2000, 4500, 3750, and 2950 switches.
• Configuration and integration of P2P VPN Link of IB, Debit Card and POS services.
• Mechanism for pro-active monitoring of special services like 1-link, RTGS, NADRA and internet etc.
• Monthly Branch Power issues report to higher management.
• Providing weekly and monthly Network down time report to higher management.
• Mechanism for pro-active monitoring of special services like 1-link, RTGS, NADRA and internet etc. Providing daily and Monthly Branch Power issues report to higher management.
• Generate NIB Branches Monthly Network Up Time report on end of month.
• Organized and managed cable harnessing, cable tagging, power harnessing activity on all the racks of DC.
• Deployment for separate NMS of Backup Links for proactive monitoring.
• Managing team to provide 24x7 networks up time and help support team in troubleshooting.
• Troubleshooting and resolving operational issue and ensuring 99.99% uptime performance.
• Manage and coordination for deployment of services for internet banking.
Computer Science and Communication
URL removed due to policy violation. Please contact support for further information.