Job Description:
Required Experience & Skills
- 15+ years in banking IT security, architecture, or technology risk
- Deep hands-on experience with UAE NESA / IA Standards
- Strong understanding of CBUAE cyber & IT risk expectations
- Broad expertise across:
  - Infrastructure & network security
  - Cloud security
  - Application & data security
- Ability to challenge controls with evidence and risk logic
- Comfortable engaging regulators, auditors, and senior executives
Ideal Candidate Profile
- Senior Security Architect involved in solutioning
- Has defended IT security designs in regulatory exams
Regulatory Accountability Context
- Operates in alignment with UAE NESA / UAE IA Standards
- Supports compliance with CBUAE IT & Cyber Risk frameworks
- Ensures security designs are audit-ready and regulator-defensible
- Does not replace the CISO, but strengthens the security posture of IT initiatives
Key Responsibilities
1. Regulatory & Risk Alignment
- Interpret NESA, CBUAE, and regulatory security requirements and translate them into actionable IT security architectures
- Act as the primary security architecture authority for IT initiatives from a regulatory lens
- Ensure solution designs can be clearly mapped to NESA controls and regulatory clauses
2. CIO–CISO Bridge (Critical)
- Engage with the CISO as a senior peer to:
  - Challenge overly prescriptive or misapplied controls
  - Agree on risk-appropriate, defensible security measures
- Resolve security vs delivery conflicts before CAB or regulator exposure
- Ensure consistent security positions across IT, Risk, and Audit
3. Security Architecture & Design Assurance
- Define and govern security architectures across:
  - Core banking platforms
  - Infrastructure & networks
  - Cloud (IaaS, PaaS, SaaS)
  - Applications, APIs, and data platforms
- Ensure secure-by-design principles are embedded early in the solution lifecycle
- Prevent late-stage findings during audits or regulatory reviews
4. Governance, CAB & Assurance
- Lead security assurance input into:
  - Design authorities
  - CAB
  - Go-live approvals
- Review and recommend risk-based exceptions and compensating controls
- Ensure evidence and documentation meet regulatory scrutiny standards
5. Execution & Enablement
- Work hands-on with IT engineering teams to ensure controls are:
  - Technically feasible
  - Operationally sustainable
  - Audit-ready
- Mentor IT teams on banking-grade security architecture practices
- Drive maturity from compliance-led to risk-led security