Job Summary

The incumbent will be responsible for the setup and management of the Cyber Security Strategy and Product management function in the Group Information Security (GIS) department. The incumbent will be a banking and finance technology thinker who constantly analyses the market for new technologies that would be best suited to support the Group’s strategy

Main Responsibilities

A. Shareholder & Financial: - Participate in the development, execution and maintenance of the IT Security strategy aligned to the overall corporate strategy, group long term goals and assist in the prioritization process. - Assist in the overall and annual IT Security business planning with the view of achieving the Group’s short term goals and submit periodic reviews and resolution. - Provide inputs to the Technology Key Risk indicators (KRIs) which shall be applicable across the Group to manage Group’s exposure to IT related risks effectively. Lead IT market research and provide applicable suggestions to further the Group’s strategy and develop cost / benefit analysis to alternative technologies and processes. - Focal Point from GIS in the preparation of the GIS budget to support Group’s long and short term goals. - Responsible for coordinating all aspects of the GIS budget process including: review of service area business plans and key performance indicators; annual capital budget and forecasts that include available and appropriate funding sources along with required project justification analysis; operating budget and forecast submissions that adhere to direction set by bank - Liaise with all Business Units Heads for preparing the yearly IT Business Plans, Prepare monthly and quarterly update on IT Business Plan. Monitor the Progress Status and raise issues / risks to GIS management. - Produce Availability Plans in line with QNB’s business planning cycle; identifying Availability requirements early enough to take account of procurement lead times. - Create implement and report on Key Performance Indicators (KPIs) for performance monitoring purposes for the GIS group and monitor their achievement on a regular basis. - Produce Capacity Plans in line with QNB’s business planning cycle; identifying Capacity requirements early enough to take account of procurement lead times. - Document the need for any increase or reduction in hardware resources based on service level requirements and cost constraints - Implements KPI’s and best practices for Cyber Security Strategy and Product Management. - Promote cost consciousness and efficiency and enhance productivity, to minimise cost, avoid waste, and optimise benefits for the bank. - Act within the limits of the powers delegated to the incumbent and delegate authority to the respective staff and monitor exercise of the same. - Demonstrate clear understanding of the important factors behind the bank's financial & non-financial performance.

B. Customer (Internal & External): - Build and maintain strong relationship with all other related departments, external entities and sections within GIS. - Defining & implementing Service Level Agreements (SLAs) and Operation Level Agreements (OLAs) between GIS, IT Group, other Business Units and International Branches. - Monitors capital and operating budget performance of GIS to identify unfavourable budget variances and recommend mitigating actions or additional approvals required to minimize impact to yearend surplus/deficit. - Seek to continually exceed internal and external customer expectations through introduction of breakthrough IT Security technologies and processes aimed to improve the Group’s products/services. - Produce regular management reports which include current usage of resources, trends and forecasts - Build and maintain a strong relationship with the Business Relationship Manager, technical teams within IT, finance team and external vendors of products and services - To assist customers in all their queries on Bank’s product and seek solution to their requests. - Maintain activities in accordance with Service Level Agreements (SLAs) with internal departments/units to achieve improvements in turn-around time. - Build and maintain strong/effective relationships with related departments/units to achieve the Group’s objectives

C. Internal (Processes, Products, Regulatory): - Review and identify areas for improvement in the process to deliver effective & efficient GIS projects and services - Act as a BCP Coordinator for GIS, coordinate implementation of DR setup as per the defined strategy - Assist in recruiting, motivating and developing personnel to ensure the function is staffed with individuals of the required caliber and that there is adequate succession planning and provision for future demands. - Analyse and recommend new products and solutions for GIS and business users to ensure that the group is upto-date with the latest trends in technology. - Support the new technology’s development process, and ensure that project deliverables are met according to specifications and timeframes. - Compile and present relevant MIS to the Group CISO on a periodic basis for the existing systems and compare the existing functionalities vis-à-vis the efficiencies to be gained from proposed technologies. - Assist in the overall recruitment of the individual resources in the areas concerned - Continuous Improvement: - Set examples by leading improvement initiatives through cross-functional teams ensuring successes. - Identify and encourage people to adopt practices better than the industry standard. - Continuously encourage and recognise the importance of thinking out-of-the-box within the team. - Encourage, solicit and reward innovative ideas even in day-to-day issues.

D. Learning & Knowledge: - Possess good knowledge and experience in COBIT and ITIL framework. - Detailed understanding of IT systems and secure architecture designs. - Good understanding of suitable solutions for configuration management, service desk, software library etc. - Identify areas for professional development for self and direct reports and take necessary actions - Hold meetings with direct reports and assess their performance. - Attend specific conferences in areas of financial services technology breakthroughs and innovations to adapt suitable ones to the bank’s security architecture and product portfolio. - Possess a superior knowledge of the GIS structure, its products and related risks together with a good knowledge of operations and related controls. - Identify areas for professional development of self and direct reports and act to enhance professional development of self and others - Proactively identify areas for professional development of self and undertake development activities. - Seek out opportunities to remain current with all developments in professional field. - Hold meetings with staff and assess their performance and your teams overall performance on a regular basis. - Take decisive action to ensure speedy resolution of unresolved grievances or conflicts within the team members. - Identify development opportunities and activities for staff and facilitate/coach them to improve their effectives and prepare them to assume greater responsibilities.

E. Legal, Regulatory, and Risk Framework Responsibilities: - Comply with all applicable legal, regulatory and internal compliance requirements including, but not limited to, Group Compliance Policies and Procedures (AML & CTF, Sanctions Policy, Data Protection Policy, Fraud Control Policy, Whistle Blowing Policy, Conflict of Interest and Insider Dealing Policy). - Understand and effectively perform your role under the Three Lines of Defence principle to identify measure, monitor, manage and report risks. - Ensure systematic good outcomes for clients in accordance with Conduct Risk policy. - Support the framework of RCSA, KRI, Incident reporting and remediation, as appropriate, in accordance with the Operational Risk Management requirements. - Maintain appropriate knowledge to ensure full qualification to undertake the role. - Complete all mandatory training provided by the Bank, attain, and maintain the required levels of competence. - Attend mandatory (internal and external) seminars as instructed by the Bank.

F. Other: - Ensure high standards of data protection and confidentiality to safeguard commercially sensitive information. - Maintaining utmost confidentiality concerning customer and internal bank information obtained during the course of business and provide such information on a need to know basis only to Senior Management of QNB, Audit and Compliance functions, and relevant Regulators. - Maintain high professional standards to uphold QNB's reputation and to strengthen its market leadership position. - All other ad hoc duties/activities related to QNB that management might request from time to time. - Lead and develop the Cyber Security Strategy of the bank in line with the business strategy, regulatory requirement, best practices and ongoing cyber security challenges. - Benchmark and evaluate the performance of the technologies engineered and operated by the GIS Cyber Security Technologies & Services teams to ensure that these are kept fine-tuned and updated with the latest technological developments.- Constantly scanning the market and competitors capabilities and bringing in technology proven in other markets and suggesting them across the group. - Keeping the CISO updated with latest developments in Cyber Security and raising any new cyber security risks to his attention. - Maintain the security architecture blueprints of the bank, liaising with the Enterprise IT architect and GITD Heads to develop and track the plans to achieve compliance. - Help to form the Information Security budget in collaboration with the Group Information Security Officer ensuring that systems under management are licensed and appropriately sized for the environment - Ensure that all the licenses and contracts are maintained and kept updated.

Education and Experience Requirements

- Bachelor’s/Master’s Degree in Computer Science, Computer Engineering or any related subject.

- Experience in IT service management of systems Technical Design, Implementation, and Maintenance on wide variety of platform including the main banking platform.

- At least 15 year’s experience in a major bank of which at least 5 years in bank in a managerial capacity in an IT Security engineering or architecture function.

- Training courses and certifications in application development, database administration, security, and management is a plus. Professional certifications, an ITIL foundation, TOGAF and COBIT is a must - Professional certification such as CISSP, CISM, CISA is preferred.