IT and Information Security Manager (PASHA Financial Holding)

Bakı

PASHA Holding

Vacancy details

Job description

Strategy and Framework

  • Establish cyber resilience objectives and technology risk management priorities for the Holding
  • Develop, implement, and continuously enhance Information Security, IT Risk, and Cyber Risk management frameworks
  • Ensure alignment of security practices with international standards including ISO 27001, ISO 22301, ISO 27005, and NIST CSF
  • Integrate cyber and IT risk management into enterprise risk management processes

Risk Assessment and Monitoring

  • Develop security requirements and methodologies covering business continuity, critical systems, third-party risks, and penetration testing
  • Contribute to the development, maintenance, and periodic review of the Risk Appetite Statement (RAS) for IT and cyber risk domains
  • Establish cyber risk reporting practices, Key Risk Indicators (KRIs), and technology risk monitoring mechanisms

Governance and Oversight

  • Oversee cybersecurity governance, awareness programs, incident management, data protection, and access control activities across the Holding's group entities
  • Provide cybersecurity governance and risk oversight for AI initiatives, new technologies, and business solutions
  • Lead cybersecurity maturity assessments and continuous improvement initiatives

Advisory and Stakeholder Engagement

  • Provide advisory support to senior management on emerging cyber threats and technology risks
  • Translate complex technical and cybersecurity topics into clear, business-oriented messages for non-technical audiences and decision-makers

Special requirements

  • Relevant academic qualifications in Informatics, Computer Science, Information Systems, or a related field
  • Experience in IT and/or Information Security roles, preferably within regulated industries
  • Strong understanding of Information Security, IT Risk Management, and Cybersecurity principles
  • Experience in security governance, risk assessment, control frameworks, and compliance management
  • Knowledge and practical experience with cybersecurity standards and industry best practices, including ISO 27001, ISO 22301, ISO 27005, and NIST CSF
  • Familiarity with key technology domains — including operating systems, networking, application security, identity and access management, vulnerability management, and security monitoring — sufficient to provide effective governance oversight and evaluate controls across these areas
  • Strong written and verbal communication skills with the ability to influence stakeholders through risk-based reasoning
  • Professional certification such as CISSP, CISM, CRISC, ISO/IEC 27005 Risk Management, or other relevant IT and security certifications
  • Experience and understanding of banking, insurance, or other highly regulated industries

To apply: [email protected]
