Information Security Risk Manager

Network International · Posted 2026-04-27

Job Description

Responsible for leading, implementing, and maturing NI's information security risk management framework. Identifies, assesses, and manages NI's cybersecurity risks to protect its information and technology assets in line with NI policies and procedures and related laws and regulations. Acts as the Information Security delegate for all Technology Change Committee Boards (CCBs), identifying solutions to technology challenges with compliance, security, and risk. Serves as the local Subject Matter Expert on Threat Models developed for all critical systems and core infrastructure.

Responsibilities

- Lead the Information Security Risk Management Framework (ISRMF) aligned with:
  - NIST Cybersecurity Framework
  - ISO/IEC 27001 / 27005
  - Local banking cybersecurity guidelines
- Conduct risk assessments/threat models to identify potential vulnerabilities and threats to the organization's technology systems and data.
- Review the architecture for new solutions to ensure the security, resilience and compliance requirements for such systems are met.
- Update the IT Risk Tracker and NI Heatmap for security risks.
- Conduct Technology Thematic reviews as part of the Risk Assurance plan for the company.
- Plan and manage Compliance, Audits, Risk assessments and Information Security Governance.
- Keep abreast of changes in technology and regulations that may impact the organization's risk profile.
- Find the best way to secure the IT infrastructure of an organization.
- Review risk assessments of projects, new or change initiatives, and the introduction of new products, services or systems; identify potential risks and provide risk-mitigating control recommendations using a unified risk assessment standard across the Group.
- Escalate and record Items for Management Attention.
- Follow up with named stakeholders on known risk issues, ensuring timely closure, or escalation where risks cannot be closed.
- Participate in new initiatives (e.g., product, services, solutions, system launches, etc.) to identify risks arising out of changes and recommend suitable controls; identify, assess, control and monitor risks of an operational nature.

Qualifications

Education

- Bachelor's degree in Information Security, Computer Science, IT, Risk Management, or equivalent.
- Master's degree (MBA, MIS, or Cybersecurity) is an advantage.

Experience

- 10+ years of experience in the same field within banks or financial institutions.

Job Specific Skills

- Very good command of the English language (listening, speaking, reading and writing), or equivalent to Upper-Intermediate level.
- Excellent communication and stakeholder management.
- Strong analytical and risk assessment skills.
- Ability to simplify technical risk into business language.
- Good knowledge of PCI DSS, PCI PIN Security and ISO27001.
- Proactive self-starter who can work with limited supervision.
- Good understanding of Operational Risk Tools such as RCSA / KRI / Loss Data Management.
- Customer-focused and self-motivated, able to work under pressure, with an easy-going attitude.
- Professional certifications like CISSP, CISM, CRISC, ISO 27001 Lead Implementer / Lead Auditor and/or CISA (strongly preferred).
