Manager – Cyber and Digital Risk

The Cyber Risk Management function is responsible for ensuring that the Group’s exposure to cyber risks is effectively identified, assessed, and managed in alignment with the Group’s risk appetite and operational risk framework. This role provides oversight across Emirates NBD and its subsidiaries, both within the UAE and internationally.

Key Responsibilities

Cyber Risk Identification & Assessment

• Conduct comprehensive cyber risk assessments across technology platforms and business processes to identify vulnerabilities, threats, and weaknesses.
• Analyze risk likelihood and impact, prioritizing and recommending mitigation strategies in collaboration with stakeholders.
• Develop and maintain frameworks, methodologies, and guidelines supporting the Group’s cyber risk management objectives.
• Produce and present risk reports, trends, and mitigation plans to senior leadership.
• Ensure risk scenarios are identified and aligned with business objectives, evaluating the associated threats and data impacts.
• Review and enhance IT controls, recommending improvements and supporting remediation efforts.
• Partner with Product, Engineering, and Security teams to enhance control effectiveness through automation and process optimization.
• Contribute to strategic planning for cloud adoption and digital innovation, integrating security principles and assessing risk implications.
• Support the evaluation and implementation of security technologies and platforms.

Control Effectiveness & Risk Mitigation

• Collaborate with business and IT stakeholders to enhance the Group’s cyber risk posture and reduce overall exposure.
• Design and implement technology controls to prevent fraud and security breaches.
• Maintain a strong control environment within IT Infrastructure aligned with internal policies and regulatory requirements.
• Regularly assess and improve risk controls, processes, and governance to ensure operational efficiency.
• Ensure compliance with the Group’s risk management framework and policy requirements.

Qualifications & Experience

Education

• Bachelor's degree in a relevant discipline (e.g., Information Security, IT, Risk Management, or Business).
• Professional certifications such as CISM, CISSP, CRISC, or equivalent in Information Security or IT Risk.

Experience

• Minimum of 7 years in technology risk or cybersecurity risk management roles.
• Proven experience with cyber risk frameworks, security assessments, and IT governance.

Skills & Competencies

Technical Knowledge

• Strong understanding of technology infrastructure and vulnerabilities across systems (e.g., OS, databases, networks, applications, middleware).
• Proficiency in cybersecurity risk assessment tools, techniques, and industry standards.
• Familiarity with regulatory frameworks, IT control environments, and digital transformation risks.
• Expertise in security architecture, cloud security, and IT change management processes.
• Ability to convert technical findings into actionable insights for business stakeholders.

Soft Skills

• Strong stakeholder engagement and vendor management skills.
• Effective communicator with the ability to present complex risk issues clearly.
• High attention to detail and quality.
• Strong organizational and execution focus.
• Proactive problem-solver with high integrity and professionalism.
• Fluent in English.

Behavioral Attributes

• Self-motivated and eager to learn
• Strategic and forward-thinking
• Collaborative and team-oriented
• Capable of managing multiple priorities under pressure
• Results-driven with a focus on quality and compliance