Tech Risk Assurance Manager

Job Title: Tech Risk Assurance Manager

Job Type: Outsourced, Full Time, On-Site, Long Term

Work Location: Dubai (Dubai Media City), UAE

Benefits: Work Visa and Medical Insurance for self only

Job Summary:

To oversee and manage our client's technology assurance, tech risk assessments, and governance processes. This role involves evaluating the software development life cycle (SDLC), ensuring compliance in release and change management processes, and implementing effective incident management strategies. The ideal candidate will have extensive experience in SDLC assurance, cybersecurity, risk management, governance and should have worked on Tech risk frameworks before and should be able to create a Tech risk assurance framework.

Required Skills and Qualifications:

Bachelor's degree in Information Technology, Computer Science, Engineering, or a related field.

Professional certifications such as CISA, CISM, CISSP, CRISC are preferred.

7-10 years of experience in IT risk management, cybersecurity, technology assurance, or a related field.

Experience working in Big 4 consulting firms or similar environments, with a focus on SDLC assurance, change management, and incident management.

Proven expertise in IT governance frameworks such as COBIT, NIST, ISO 27001, ITIL, and DevOps practices.

Comprehensive understanding of SDLC assurance processes, including security testing and governance.

Hands-on experience with Agile and DevOps frameworks for software development and deployment.

Strong experience in cybersecurity risk assessments, threat monitoring, and vendor risk management.

Familiarity with release management tools and practices for separation of duties and change control.

Experience conducting disaster recovery testing, backup assessments, and ensuring business continuity.

Preferred Skills:

Familiarity with CI/CD pipelines and automation tools within the DevOps landscape.

Experience with business continuity planning, incident management frameworks, and emergency release processes.

Previous work in highly regulated industries such as finance, healthcare, or government, dealing with stringent compliance and risk management requirements.

Key Responsibilities:

1. SDLC (Software Development Life Cycle) Assurance

Governance: Review and evaluate the company's SDLC processes, ensuring compliance with governance standards such as code review, testing, and proper approvals before deployment.

Security in SDLC: Ensure security assessments (e.g., static and dynamic analysis) are integrated at each phase of the SDLC, focusing on potential vulnerabilities.

Agile and DevOps: Assess the implementation of Agile and DevOps practices, ensuring they meet compliance, governance, and risk management requirements

Third-Party Integrations: Evaluate and ensure that third-party integrations (e.g., APIs, credit bureaus, identity verification systems) are managed and secured in the development process.

2. Release Management

Release Process Assurance: Review and assure release management processes, ensuring alignment with change control policies, proper approvals, and adequate testing.

Segregation of Duties: Ensure the separation of duties between development, testing, and production access to prevent unauthorized changes.

Emergency Releases: Assess the procedures for emergency releases and patches, ensuring adequate risk mitigation and compliance with governance.

3. Change Management

Documentation and Tracking: Oversee the process for documenting and tracking change requests, including code changes, infrastructure updates, and software patches.

Impact Assessment: Ensure that each change request undergoes a thorough impact assessment, taking into account security, compliance, and operational risks.

Approval Workflows: Review and manage change approval workflows, ensuring comprehensive risk mitigation plans such as rollback strategies and pre-deployment testing

4. Incident Management

Incident Response Plan: Develop, review, and continuously improve the company's incident response plan, ensuring rapid identification, communication, and resolution of incidents.

Post-Incident Reviews: Ensure the organization conducts root cause analysis and lessons learned sessions after each incident to prevent recurrence.

Metrics and Reporting: Manage incident reporting processes, ensuring that incidents are reported to key stakeholders in a timely manner and comply with regulatory requirements.

5. Tech and Cybersecurity Risk Assessments

Risk Identification: Review technology and cybersecurity risks, ensuring that vulnerability assessments and penetration testing are conducted regularly.

Threat Monitoring: Oversee the company's threat monitoring processes, ensuring the effective use of tools such as SIEM (Security Information and Event Management).

Vendor Risk Management: Ensure proper risk assessments are conducted for third-party vendors, especially those providing critical services (e.g., cloud services, identity verification).

Cybersecurity Policies: Develop, assess, and update cybersecurity policies to align with industry standards, including data protection, encryption, and access control policies.

6. Resilience and Business Continuity

Disaster Recovery: Review and continuously improve the company's disaster recovery plans, ensuring that testing is conducted to prevent data loss and ensure minimal downtime.

Backup Strategies: Assess the organization's data backup and redundancy strategies to ensure resilience against cyber-attacks and operational failures.

7. Governance and Reporting

Risk Reporting: Oversee the process of reporting technology and cybersecurity risks to senior management and board members, ensuring they are aligned with the organization's strategic objectives.

Key Risk Indicators (KRIs): Evaluate the Key Risk Indicators (KRIs) and metrics used to measure and communicate technology risks, ensuring they are relevant and actionable.