Department

Risk Management

Location

Head Office

Level

Assistant Manager / Manager

Report to

General Manager – Risk & Controls

Position’s Purpose and Role

  • To effectively manage the activities of Risk Management Function
  • To escalate any high risk related issues to relevant authorities
  • Generate MIS to measure and support the performance / enhancement of the unit.

Duties & Responsibilities

  • Help in developing, implementing and reviewing the risk management policies and processes to identify, measure and monitor the company’s exposure to all the risks identified in the Risk Management Policy and other documents
  • To closely liaise with all departmental heads in carrying out his / her responsibilities
  • To provide an assurance that the Company has identified its highest-risk exposures and has taken steps to properly manage these
  • To ensure that the Company’s business planning processes include a focus on areas where risk management is needed
  • To establish a process across the Company that will integrate the various risk management measures
  • Identify and monitor Key Risk Indicators and Key Risk Parameters.
  • Periodically monitor the actual performance across the lines of business against their respective risk appetite levels and report exceptions
  • Recommend changes to the risk appetite levels and their impact on business profitability, under the business expansion / contraction strategies
  • Liaise with the departmental heads, to monitor the risk inventories and associated controls across the company’s functions and report exceptions
  • To be involved in all significant business change activities, including new product development and implementation proposals, to ensure that risk management considerations are adhered to
  • Provide regular reports to the Management on key risk issues and developments
  • Provide results of key risk assessment activities on a periodic basis
  • Review any legal claims on the company and report on potential strategic, financial, operational and reputational risks
  • Perform the Loan Review Mechanism function as per CBO guidelines
  • Perform independent risk review on high value credit proposals.
  • Provide periodical reports as agreed per the policies and procedures
  • Perform any special tasks given by the Line Manager / Executive Management

Department

Information Security

Location

Head Office

Report to

General Manager – Risk & Controls

Position’s Purpose and Role

The ISM is responsible for establishing and maintaining a company-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

Duties & Responsibilities

The ISM’s job is composed of a variety of activities, including very tactical, operational and strategic activities in support of the Information and Physical Security Program initiatives, such as:

  1. Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
  2. Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
  3. Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  4. Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
  5. Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  6. Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders as part of a strategic enterprise risk management program.
  7. Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
  8. Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
  9. Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  10. Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  11. Manage security incidents and events to protect company IT assets, including intellectual property, regulated data and the company’s reputation.
  12. Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  13. Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
  14. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
  15. Liaise among the information security team and compliance, audit, legal and HR management teams as required.
  16. Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
  17. Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
  18. Manage security issues and incidents, and participate in problem and change management forums. Ensure timely reporting of, and adequate participation in the investigation of, security incidents with regulators and / or law enforcement agencies as applicable.
  19. Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
  20. Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  21. Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
  22. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  23. Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
  24. Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  25. Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  26. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
  27. Monitor user ID management across all operating platforms, including but not restricted to reviewing access logs and activation / deactivation monitoring.
  28. Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

Job Specifications (Qualifications, Skills and Experiences Required)

  • Omani Nationals Only
  • A minimum of 5 years of IT experience, with 3 years in an information security role and at least two years in a supervisory capacity.
  • A bachelor’s degree in information systems or equivalent work experience; in information security is preferred.
  • Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
  • Knowledge and understanding of relevant legal and regulatory requirements
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Excellent verbal, written and interpersonal communication skills
  • Certification such as CISA, CISM or CISSP (or willingness to pursue)

Section : Archive

Location : Head Office

Omani Nationals Only

Qualification : Diploma in Archive

Should be well versed in Microsoft Excel and Word.

Should have excellent English in reading, writing and communication.

Section : PDC Section

Location : Al Khuwair

Omani Nationals Only

Minimum Qualification : Secondary school

Should be well versed in Microsoft Excel and Word.

Should have excellent English in reading, writing and communication.