Cyber and Technology Risk Analyst | Cyber and Information Security BU | Risk SBU | September 2025

MCB has exciting opportunities in the Risk Strategic Business Unit (Risk SBU), for dynamic individuals who wish to establish a solid foundation for a career in Information Security, and Cyber and Technology risk management.

As second level controllers on matters pertaining to information security, technology risk, cyber risk and data privacy, our Cyber and Information Security BU contributes heavily towards assessing and mitigating MCB’s risk posture in the face of an increasingly complex technological environment and cyber threat landscape.

We are looking for a Cyber and Technology Risk Analyst to join our team of professionals within the Cyber and Information Security BU within Risk SBU. Your responsibility will be to evaluate risks and security threats to the Bank's assets, define security and technology risk behaviours and practices, and monitor adherences to the set policies and frameworks to meet business, legal and regulatory requirements.

Job vacancy: Cyber and Technology Risk Analyst

In this role you will be:

• Maintaining relationships with other Business Units and relevant stakeholders to understand their business risk appetite for integration in the overall risk assessment framework;
• Monitoring relevant key risk indicators (KRIs) and proposing solutions to mitigate and respond to any deviations to standard tolerance levels;
• Responding to and resolving issues pertaining to information security, cyber and technology risk matters;
• Identifying, assessing and monitoring the information cyber and technology risk landscape and incorporating relevant issues in the current monitoring framework;
• Developing, updating and publishing information security, cyber and technology risk policies, procedures, standards and guidelines;
• Performing 2nd level technical controls on all information security, cyber and technology risk related technical activities and ensure that these activities are properly carried out according to policies, standards and/or other requirements and report on their statuses as required;
• Verifying compliance between current behaviours and recommendations set out in the information security, cyber and technology risk policies and standards and resolving any gaps identified to reduce the risk exposure of the organization;
• Keeping abreast of any changes in the regulatory, legal or partner requirements that would have an impact on the Bank’s security and technology risk frameworks and ensuring that the relevant changes are brought to the associated processes and frameworks;
• Keeping abreast of latest security developments as well as the global threat landscape and incorporate them in the Bank’s security and technology frameworks by conducting security research;
• Executing the appropriate cyber and technology risk framework around every business project to ensure the appropriate and successful implementation of business initiatives and to reduce risk exposure based on a risk appetite;
• Managing, testing, improving and maintaining incident response processes and plans for each relevant information security, cyber and technology risk event and coordinating the appropriate response in the event of an incident to enhance the Bank's ability to recover from these events, should they occur;
• Engaging with the offensive security team and MCB stakeholders to plan and coordinate the associated activities and, subsequently, review, manage and track results and remedial actions;
• Implementing and executing an awareness program that considers all requirements, expectations and prevailing threats to ensure that all system users are aware of their appropriate security behaviours;
• Identifying and evaluating threats to the organisation and perform risk assessments (ad-hoc and planned), thereafter following up and regularly reporting on the execution of the associated remediation steps.

To succeed, you will be required to demonstrate the following competencies:

• Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems;
• Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences;
• Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement;
• Planning and prioritizing work to meet commitments aligned with organizational goals;
• Anticipating and adopting innovations in business-building digital and technology applications.

We are looking for candidates who have at least:

Either

• A Bachelor’s degree in Information Technology or Cyber/Information Security or an equivalent field of study;
• 5 years' working experience in information technology/cyber risk management.

Or

• 8 years' working experience in information technology/cyber risk management.

And

Holding Information Security, Cyber Security and/or Technology Risk related certifications constitutes an advantage.

In addition, demonstrated proficiency in the following is required:

• Develop and manage advanced reports, dashboards, and metrics using Power BI or similar analytics tools;
• Conduct data analysis to identify trends, patterns, and insights from large data sets;
• Implement and maintain data analytics tools and systems, ensuring accuracy and consistency;
• Microsoft Office tools (Excel, Word, PowerPoint);
• Main Operating Systems used at the Bank (Windows, AIX, Linux);
• Main databases used at the Bank (MS SQL Server, Oracle, ...);
• IT communication protocols and network devices;
• IT (Operating Systems, Virtualization, Networking, Application Development, Databases).

A combination of both qualifications & experience will be considered.

Should this opportunity match your career aspirations, skills and competencies, click on ‘Apply’ to complete your online application.

Please ensure all required information is accurately entered in relevant sections. Any incomplete application will not be considered. Kindly attach a complete CV when applying.

Note that candidates under consideration for this position will be required to provide 2 professional references.

As part of the recruitment process, shortlisted candidate(s) will be required to provide a valid Certificate of Character of less than 3 months.

The deadline for submission of application is 06 October 2025.

Management reserves the right not to appoint anyone following this advert.