Job Purpose
To lead and enhance the Bank’s approach to technology risk, third-party risk, and operational resilience within the Second Line of Defence. The role is responsible for overseeing the identification, assessment, and management of non-financial risks across outsourcing, vendor management, and critical technology services, ensuring alignment with regulatory requirements and best practices.
It drives the Bank’s operational resilience agenda, including business continuity, disaster recovery, and crisis management, while fostering a strong risk culture that balances risk appetite with commercial objectives. The role also supports the Head of Operational Risk & Resilience in coordinating team activities and delivering effective risk oversight.
Key Accountabilities
Technology Risk
1. Proactive support, subject matter expertise and value-add to businesses and support functions in the management of technology risk.
2. 2nd Line oversight of technology risks, controls and issues across the Bank including supporting deep-dive reviews on key risk areas.
3. Proactive monitoring of technology risk processes to ensure compliance with regulatory and internal policy requirements.
4. Support the implementation and embedding of technology risk modules within the Bank’s GRC tool.
Outsourcing & Third-party Risk Management
1. Provide oversight and subject matter expertise in outsourcing and third-party risk management across the Bank.
2. Oversee vendor risk assessments including onboarding, periodic reviews and ongoing monitoring.
3. Ensure outsourcing arrangements comply with regulatory requirements and internal policies.
4. Provide challenge on third-party risk exposures and concentration risks.
Operational Resilience
1. Lead the development and embedding of the Bank’s operational resilience framework.
2. Support identification of critical business services / functions and mapping of dependencies.
3. Oversee scenario testing to assess the Bank’s resilience under severe but plausible events.
4. Ensure identified resilience gaps are tracked and remediated.
Business Continuity, Disaster Recovery & Crises Management
1. Oversee the Business Continuity and Disaster Recovery frameworks including plan development and testing.
2. Ensure regular testing of BCP and DR plans in line with policy requirements.
3. Coordinate crisis management activities including response, escalation and communication.
4. Ensure lessons learned from incidents and tests are incorporated into plans.
Reporting, Monitoring & Governance
1. Development of risk reporting and key indicators to support management and Board decision-making.
2. Monitor and report risk exposures against the Bank’s Risk Appetite Statement (RAS).
3. Provide regular reporting to risk committees and senior management forums.
4. Support the management and coordination of risk governance committees and tracking of actions.
Other Accountabilities
Other Accountabilities
Job Context
The jobholder is expected to undertake ad-hoc activities/analysis, projects and change initiatives for Head of Operational Risk & Resilience
Education
Experience and Skills
Qualifications
Bachelor’s degree in engineering, Information Technology, Computer Science or a related discipline.
MBA or master’s degree in relevant area of study is highly desirable
Additional qualifications & certifications such as CFA, FRM will be preferable.
Work Experience
Minimum 12 years of experience in risk management function in banking, with a focus on non-financial risk (Operational Risk, Technology Risk, Third-Party Risk, or Resilience), including hands-on experience in technology risk, third-party risk management, and operational resilience.
5–7 years of managerial or leadership experience.
Experience within a large multinational or regional bank, with exposure to complex regulatory environments.
Proven expertise in developing and implementing risk frameworks, including risk appetite, dashboards, and control assurance.
Strong knowledge of regulatory frameworks (e.g., Basel, PRA, UAE Central Bank, outsourcing and operational resilience guidelines).
Skills & Knowledge
Strong understanding of banking operations, products, and control environments.
Ability to provide effective 2nd Line challenge and oversight across technology and third-party risk domains.
Experience in implementing or using GRC systems and risk reporting tools.
Strong analytical, problem-solving, and decision-making skills.
Excellent stakeholder management and communication skills, with the ability to influence senior management.
Good understanding of business continuity, disaster recovery, and crisis management practices.