Director Technology Risk and GRC
Job Snapshot
* Role: Director Technology Risk and GRC
* Location: Abu Dhabi, UAE
* Industry: Banking
* Function: Risk Management-Compliance
* Experience: 10+ years in IT security, risk, governance, and technology risk management
* Job Type: Full-time
Position Overview
The Director Technology Risk and GRC position in Abu Dhabi, UAE is a senior banking technology risk role focused on IT governance, cyber risk management, cloud security assessment, GRC operations, regulatory reporting, audit coordination, and DevSecOps risk controls. The position supports First Abu Dhabi Bank (FAB) by strengthening technology risk frameworks, improving governance visibility, managing remediation programs, and ensuring secure, compliant, and resilient digital banking operations.
Job Details
Country: UAE
City: Abu Dhabi
Industry: Banking
Function: Risk Management-Compliance
Salary: 42000-65000
Estimated salary range based on similar jobs in the job city; please confirm the final offer with the employer.
Gender: Any
Candidate Nationality: Any
Job Type: Full-time
Key Responsibilities
* Maintain visibility of GRC activities across the technology unit and ensure effective tracking, reporting, and governance mechanisms.
* Track and complete technology BIA and BCP requirements in line with Group Business Continuity Management timelines.
* Monitor and report periodic UAE regulatory technology requests and related submissions.
* Oversee technology risk remediation programs and ensure proper governance, ownership, and timely closure.
* Ensure timely completion of IT risk operations activities and maintain accurate GRC management information.
* Manage Data Leakage Prevention notifications and improvement initiatives to optimize monitoring policies.
* Act as a key point of contact for internal audit, external auditors, regulators, and GIA on technology GRC, IT governance, and risk matters.
* Track operational risk incidents and ensure alignment with Group Operational Risk Management policies.
* Reconcile GRC systems used by the three lines of defense and ensure risk, control, and issue data remains consistent.
* Govern GIA issues, key risk items, audit findings, and remediation actions to support timely closure.
* Identify automation opportunities that improve GRC operations, reporting efficiency, and ways of working with second and third line functions.
* Establish and maintain an IT risk management framework to identify, analyse, mitigate, monitor, and communicate technology risks.
* Ensure adherence to Group Security policies and standards across GIT security controls.
* Maintain technology risk and control libraries, cyber risk assessment models, and assurance review approaches.
* Ensure technology risks are identified and assessed throughout software development, acquisition, project, and change lifecycles.
* Support technology teams with risk and control assessments, vulnerability reviews, control effectiveness checks, and remediation planning.
* Participate in project and change reviews to ensure appropriate treatment of technology risks.
* Analyse likelihood, impact, residual risk ratings, and overall technology risk exposure with relevant stakeholders.
* Oversee risk treatment strategies including mitigation, transfer, acceptance, and action plan closure.
* Define Key Risk Indicators and deliver periodic risk profile and KRI reports to senior management.
* Review major incident reports and ensure suitable control measures are implemented to prevent recurrence.
* Manage technology risk committee meetings and track action items through closure.
* Conduct due diligence, security assessments, architecture reviews, and risk evaluations for cloud service providers and cloud solutions.
* Ensure cloud contracts include relevant controls and comply with Group policies and processes.
* Assess risk implications of digital innovation and provide recommendations that balance security, compliance, and customer experience.
* Provide risk management guidance to technology teams on cloud technologies, digital solutions, and secure architecture.
* Support DevOps, DevSecOps, and agile risk practices by embedding automated controls across delivery pipelines.
* Help technology teams apply shift-left security, continuous feedback loops, secure development standards, and compliance controls throughout the delivery lifecycle.
Ideal Profile
* 10 or more years of experience in IT security, technology risk, governance, cyber risk, or related control functions.
* At least 3 years of leadership experience in IT security, risk, governance, or technology risk management.
* Strong understanding of security and risk management in financial institutions and highly regulated banking environments.
* Deep knowledge of technology domains including infrastructure, operations, security, development, transformation, support, innovation, vendor management, and banking risk processes.
* Strong experience with cloud computing, virtualization, cloud operating models, and cloud security best practices.
* Hands-on knowledge of Cloud Security Alliance guidelines, NIST frameworks, and technical risk assessment methods for cloud platforms.
* Demonstrated ability to conduct technical security reviews, architecture reviews, and risk assessments for cloud-based technologies.
* Good understanding of IT security, risk and governance process models, controls, and industry standards.
* Strong analytical capability with the ability to handle detailed information and summarize risks clearly for senior stakeholders.
* Experience dealing with internal auditors, external auditors, regulators, senior management, and three lines of defense stakeholders.
* Strong understanding of high availability, data confidentiality, information security, and banking technology environments.
* Industry certifications such as CISSP, CRISC, CCSP, CCSK, or CISA are highly preferred.
* AWS or Azure cloud certifications are preferred.
* Strong communication, influencing, relationship management, and change management skills.
* Big-picture thinker with strong attention to detail, resource management capability, and the ability to lead complex technology risk workstreams.
Skills Set
* Technology risk management
* IT governance and GRC operations
* Cyber risk assessment
* Cloud security assessment
* IT risk framework development
* Operational risk incident tracking
* Regulatory reporting
* Internal and external audit coordination
* GIA issue remediation
* Data Leakage Prevention
* BIA and BCP governance
* Key Risk Indicators
* Risk treatment planning
* Control effectiveness review
* Technology risk committee management
* Cloud provider due diligence
* Cloud architecture review
* NIST and CSA guidelines
* DevSecOps controls
* Agile risk practices
* CI/CD pipeline control embedding
* Shift-left security
* Information security policy compliance
* Senior stakeholder influencing
* Risk reporting and MIS
Why Join Us
* Lead a strategic technology risk and GRC function within a major banking institution in Abu Dhabi, UAE.
* Work across cyber risk, cloud security, regulatory reporting, audit governance, DevSecOps, and digital transformation controls.
* Gain senior exposure to technology leadership, regulators, auditors, risk committees, and three lines of defense governance.
* Shape practical risk frameworks that protect digital banking operations while supporting innovation and customer experience.
* Join a secure and forward-looking financial institution where governance, technology resilience, cybersecurity, and responsible transformation are central to long-term success.
About the Company
First Abu Dhabi Bank (FAB) is the UAE’s largest bank and a leading financial institution headquartered in Abu Dhabi. FAB delivers retail, corporate, Islamic, investment, global markets, transaction banking, and digital banking services across regional and international markets, combining financial strength, innovation, governance, cybersecurity discipline, and customer-focused solutions to support clients, businesses, and communities.



