Senior Director of IT Risk
Alrajhi Bank
Total years of experience: 17 years, 8 months
Establishing IT risk function in ARB bank
My vision is to establish IT Governance, Risk and Compliance (ITGRC) as a center of excellence that will foster a culture of “Self-Governance,
Risk-awareness and conformance to standards” while achieving SAMBA objectives and goals.
In my pursuit to establish a powerful and functional ITGRC, three main goals are set:
• Optimal strategic alignment between IT and business.
• Obtain a risk-aware environment.
• Measurable and transparent compliance levels.
To achieve these goals the following departments are established:
• IT Governance Standards Department (ITGS):
• Set up the COBIT 5 governance framework.
• Plan, coordinate and implement IT Governance, Risk and Compliance initiatives.
• Propose new ITGRC initiatives.
• Suggest policy, process and/or procedural changes based on IT KPIs, information security incidents and ARR findings.
• Participate in the relevant committees and meetings:
• Information Technology Steering Committee (ITSC).
• Change Control Board (CCB).
• Group Risk and Compliance Committee (GRCC).
• IT Risk and Compliance Department (ITRC)
• Risk Management:
• Build IT Risk register.
• Conduct IT risk assessment.
• Monitoring and reporting of IT risk gap.
• Propose new IT risk controls.
• Define and coordinate IT risk mitigation actions.
• Review, authorize and follow-up risk acceptance forms.
• Risk Control Self-Assessment (RCSA):
• Work closely with IT teams to conduct Risk Control Self-Assessment (RCSA).
• IT RCSA validation.
• Suggest enhancement to IT RCSA profile.
• Develop and execute a mechanism for checking IT staff compliance with policies, standards and procedures.
• Act as a single point of contact between IT and Audit/Regulatory entities.
• Support external audit fieldwork and assist in the prompt closing of audit issues.
• Work with all STG teams to ensure timely closure and follow up on MARS issues.
• Sustain constant STG heads awareness of risks related to their departments.
• Follow up with STG divisions to ensure that they carry out their certification and compliance related activities.
• IT Monitoring (ITM)
• Define and maintain strategic STG performance dashboard.
• Report and monitor Technology KRIs (Key Risk Indicators) and suggest enhancements.
• Evaluate and report STG KPIs (Key Performance Indicators) and suggest enhancements.
• Evaluate and report STG KQIs (Key Quality Indicators) and suggest enhancements.
• Monitoring and reporting STG compliance level.
• Monitoring and reporting STG skills gap.
- Aligning Department strategy to ITG strategy.
- Defining Department goals and monitoring progress.
- Analyzing and improving ITG processes.
- Assessing and reporting ITG product quality.
- Identifying weaknesses and suggesting improvements.
- Establishing and building IT Standards and Compliance team.
- Managing and coordinating all ITG audits (SAMA, CMA, PCI, etc.).
- Business Operational Risk coordinator for ITG.
- Reviewing and maintaining ITG Risk profile.
- Maintaining ITG policies and procedures in accordance with ITIL, COBIT, SAMA, CMA, etc.
- Enforcing compliance with policies, standards and procedures.
- Process automation and Improvements.
- Reviewing, evaluating and building SLAs with vendors and customers.
- Building proficient and productive UAT team.
- Defining UAT team KPIs.
- Creating UAT/defect process flow.
- Defining UAT entry/exit SLAs.
- Standardizing UAT documents.
- Maintaining relevant stakeholder engagement in UAT activities and product/change sign-offs.
- Building and grooming current resources to be independent, self-starters, knowledgeable in their field and following the internal department procedure.
- Ensuring comprehensive test scenarios according to requirements, with detailed expected results for all different business cases.
- Better resource utilization: performing the required job according to the officially distributed responsibilities within the currently allocated number of staff.
- Reviewing, testing, monitoring and controlling all user acceptance tests, with coverage for all different business cases.
++Supplementary Tasks:
- As a goal of the division, I have been assigned to manage Project Quality Managers team as a unit.
- Member of the SAMBA Process Focus Group, which is responsible for enhancing the adopted SDLC.
- QAPT D representative in CMMI Appraisal Team. Participant in ISO 9001:2008 Surveillance Audit.
- Reviewing and enhancing adopted forms (SIT plan, defect log sheet, etc.).
- Maintaining relevant stakeholder engagement in SIT activities and product/change sign-offs.
- Building and grooming current resources to be independent, self-starters, knowledgeable in their field and following the internal department procedure.
- Ensuring comprehensive test scenarios according to requirements, with detailed expected results for all different business cases.
- Better resource utilization: performing the required job according to the officially distributed responsibilities within the currently allocated number of staff.
- Reviewing, testing, monitoring and controlling all user acceptance tests, with coverage for all different business cases.
++Supplementary Tasks:
- Participant in creating a new SDLC for a new change request type; suggested forms to meet the new SDLC process (BRS, design documents, etc.).
- Participant in enhancing the existing SDLC to be more time- and cost-efficient.
- Change Management System support and development was part of my responsibilities (IBM Rational ClearQuest).
- Reading and understanding Business Requirements and Specifications.
- Marking any concerns regarding the project documents.
- Preparing the project test plan.
- Building test cases based on project documents.
- Carrying out the test cases on the developed project.
- Raising defects faced during executing the test cases.
- Summarizing the test activities in Test Summary report.
- Automating the test cases using IBM Rational automation tools.
- Assisting in the adoption of automation tools by the bank.
- Enhancing and modifying Quality Assurance role in the SDLC adopted by the bank.
++ Systems in which I carried out the mentioned tasks:
- Core Banking System (upgrade, new projects, enhancements, etc.).
- Remote channel systems (ATM, IVR, Internet Banking, SIEBEL, etc.).
- SADAD E-government System (Bank Al Bilad focal point with the SADAD Technical Support Team).
Analyzing business requirements and extracting testing scenarios, in addition to carrying out user acceptance testing. Main responsibilities are as follows:
- Reading and understanding Business Requirements and Specifications.
- Marking any concerns regarding the project documents.
- Preparing the project test plan.
- Building test cases based on project documents.
- Carrying out the test cases on the developed project.
- Raising defects faced during executing the test cases.
- Summarizing the test activities in Test Summary report.
- Automating the test cases using IBM Rational automation tools.
- Assisting in the adoption of automation tools by the bank.
- Enhancing and modifying Quality Assurance role in the SDLC adopted by the bank.
+ Systems in which I carried out the mentioned tasks:
- Core Banking System (upgrade, new projects, enhancements, etc.).
- Remote channel systems (ATM, IVR, Internet Banking, SIEBEL, etc.).
- SADAD E-government System (Bank Al Bilad focal point with the SADAD Technical Support Team).
Computer Science is deliberately oriented towards giving students an education in the broad area of computer science, from which the student can acquire the necessary skills and experience needed to solve real-world practical problems. In addition, students are given the freedom to create their own computer science study program in either breadth or depth, so as to enable them to pursue their strengths and interests depending upon their future career plans. In our attempt to produce students who are self-reliant, self-learning and creative, all our elective courses have been designed without scheduled tutorial classes. The curriculum places strong emphasis on practical skills in computer programming, problem solving, abstraction and modeling, and the design and development of software and algorithms. Consequently, most of the courses are complemented by practical exercises which (except for some first-year courses, which have closed labs) are done on an unscheduled basis.