Tech Risk Assurance Manager

Key Responsibilities:

1. SDLC (Software Development Life Cycle) Assurance

Governance: Review and evaluate the companys SDLC processes ensuring compliance with governance standards such as code review testing and proper approvals before deployment.

Security in SDLC: Ensure security assessments (e.g. static and dynamic analysis) are integrated at each phase of the SDLC focusing on potential vulnerabilities.

Agile and DevOps: Assess the implementation of Agile and DevOps practices ensuring they meet compliance governance and risk management requirements

ThirdParty Integrations: Evaluate and ensure that thirdparty integrations (e.g. APIs credit bureaus identity verification systems) are managed and secured in the development process.

2. Release Management

Release Process Assurance: Review and assure release management processes ensuring alignment with change control policies proper approvals and adequate testing.

Segregation of Duties: Ensure the separation of duties between development testing and production access to prevent unauthorized changes.

Emergency Releases: Assess the procedures for emergency releases and patches ensuring adequate risk mitigation and compliance with governance.

3. Change Management

Documentation and Tracking: Oversee the process for documenting and tracking change requests including code changes infrastructure updates and software patches.

Impact Assessment: Ensure that each change request undergoes a thorough impact assessment taking into account security compliance and operational risks.

Approval Workflows: Review and manage change approval workflows ensuring comprehensive risk mitigation plans such as rollback strategies and predeployment testing

4. Incident Management

Incident Response Plan: Develop review and continuously improve the companys incident response plan ensuring rapid identification communication and resolution of incidents.

PostIncident Reviews: Ensure the organization conducts root cause analysis and lessons learned sessions after each incident to prevent recurrence.

Metrics and Reporting: Manage incident reporting processes ensuring that incidents are reported to key stakeholders in a timely manner and comply with regulatory requirements.

5. Tech and Cybersecurity Risk Assessments

Risk Identification: Review technology and cybersecurity risks ensuring that vulnerability assessments and penetration testing are conducted regularly.

Threat Monitoring: Oversee the companys threat monitoring processes ensuring the effective use of tools such as SIEM (Security Information and Event Management).

Vendor Risk Management: Ensure proper risk assessments are conducted for thirdparty vendors especially those providing critical services (e.g. cloud services identity verification).

Cybersecurity Policies: Develop assess and update cybersecurity policies to align with industry standards including data protection encryption and access control policies.

6. Resilience and Business Continuity

Disaster Recovery: Review and continuously improve the companys disaster recovery plans ensuring that testing is conducted to prevent data loss and ensure minimal downtime.

Backup Strategies: Assess the organizations data backup and redundancy strategies to ensure resilience against cyberattacks and operational failures.

7. Governance and Reporting

Risk Reporting: Oversee the process of reporting technology and cybersecurity risks to senior management and board members ensuring they are aligned with the organizations strategic objectives.

Key Risk Indicators (KRIs): Evaluate the Key Risk Indicators (KRIs) and metrics used to measure and communicate technology risks ensuring they are relevant and actionable.

Requirements

Job Title: Tech Risk Assurance Manager

Job Type: Outsourced Full Time OnSite Long Term

Work Location: Dubai (Dubai Media City) UAE

Benefits: Work Visa and Medical Insurance for self only

Job Summary:

To oversee and manage our clients technology assurance tech risk assessments and governance processes. This role involves evaluating the software development life cycle (SDLC) ensuring compliance in release and change management processes and implementing effective incident management strategies. The ideal candidate will have extensive experience in SDLC assurance cybersecurity risk management governance and should have worked on Tech risk frameworks before and should be able to create a Tech risk assurance framework.

Required Skills and Qualifications:

Bachelors degree in Information Technology Computer Science Engineering or a related field.

Professional certifications such as CISA CISM CISSP CRISC are preferred.

710 years of experience in IT risk management cybersecurity technology assurance or a related field.

Experience working in Big 4 consulting firms or similar environments with a focus on SDLC assurance change management and incident management.

Proven expertise in IT governance frameworks such as COBIT NIST ISO 27001 ITIL and DevOps practices.

Comprehensive understanding of SDLC assurance processes including security testing and governance.

Handson experience with Agile and DevOps frameworks for software development and deployment.

Strong experience in cybersecurity risk assessments threat monitoring and vendor risk management.

Familiarity with release management tools and practices for separation of duties and change control.

Experience conducting disaster recovery testing backup assessments and ensuring business continuity.

Preferred Skills:

Familiarity with CI/CD pipelines and automation tools within the DevOps landscape.

Experience with business continuity planning incident management frameworks and emergency release processes.

Previous work in highly regulated industries such as finance healthcare or government dealing with stringent compliance and risk management requirements.

Benefits