Senior Manager – Data Privacy.MGN EGY - ISG - Information Security Program

Management:

• To Strategize, develop and implement Data Protection Controls in coordination with stakeholders across the Organization globally.
• To ensure compliance of the Organization with the defined policy & framework with a data driven approach

Execution

• To ensure that the protection operations are executed effectively in a timely manner and with required quality
• Assists in the development and implementation of Data Protection strategic initiatives. Leads all Data protection related tasks with effective monitoring and protection of information security assets.

Manager – Data Protection has overall responsibility to coordinate and support the Head of Data Privacy and Protection to achieve organization’s Protection strategy and goals. 

He/she is a T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management. 

Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place.

Drive various Data Protection Initiatives to improve overall maturity

Data Encryption & Anonymization

• Lead enterprise-wide initiatives for data encryption at rest, in transit, and in use, ensuring alignment with regulatory and internal security requirements.
• Drive the design and implementation of data anonymization and masking strategies to protect PII, PCI, and other sensitive data across non-production environments.
• Collaborate with cross-functional teams including Application Development, Infrastructure, Legal, and Compliance to define and enforce encryption and data protection standards.
• Oversee vendor evaluation and integration of encryption key management and tokenization solutions, ensuring proper lifecycle management.
• Establish governance models and control frameworks for effective implementation and monitoring of data anonymization processes.

Data Loss/Leak Prevention

• Establish the  Incident Response framework for GSOC and consult with various business units and legal counsel on developing and improving data leakage protection processes. Maintain and update investigation handling expectations and service level expectations.
• Development and maintenance of DLP Policies, Standards, Procedures, and Guidelines. Ensure compliance with regulations required for DLP.
• Conduct regular audits and assessments to ensure compliance with data protection regulations and internal policies.
• Ensure metrics (Key Performance / Risk Indicators) for measuring the effectiveness of the DLP solution are in place.
• Identify stakeholders in IT, legal, and compliance teams to ensure secure data handling practices across the organization. Plan awareness material for sessions for the stakeholders.

Data Security Posture Management

• Ensure data discovery exercise across the bank using automated techniques and create data flow diagrams for relevant departments across the bank.
• Ensure maintenance of an accurate inventory of all data assets and management of the entire lifecycle of data, from creation to deletion.
• Develop and implement data masking and anonymization strategies and use of encryption protocol for to encrypt data before transmission.
• Ensure keys are generated using strong random number generators to prevent predictability and implement key rotation policies to periodically change keys and secrets, reducing the impact of compromised keys.
• Designing and implementing a secure architecture for data storage, processing, and transmission.
• Evaluating and recommending security tools and technologies.
• Implementing and maintaining security standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, PDPL, PDPO, PCI).

Database Activity Monitoring

• Manage daily operations of database activity monitoring (DAM) systems, ensuring continuous monitoring and alerting. Regularly review system logs and performance metrics. 
• Track KPIs to measure DAM effectiveness and conduct regular risk assessments of database systems and create mitigation strategies. Track and report on identified risks. 
• Regularly review database logs and reports to identify and address potential security incidents. Implement preventative measures to address recurring issues. 
• Ensure database security configurations adhere to best practices and organizational policies. Conduct regular security audits. 

Other Data Protection Initiatives & Collaboration with other teams

• Drive any other projects related to Data Protection such as Insider Risk Mgmt. enhanced security controls in Backup & Restoration, Data retention & Deletion, Data Discovery & Scans using Privacy Mgmt solution etc
• Provide effective governance of the projects through well-defined KPIs/KRIs 
• Collaborate with other teams in ISG to ensure effective implementation of the projects 
• Collaborate with Data Privacy team in reviews and assessments to cover overall Data protection requirements
• Graduate/ Post Graduate degree in Science/ Engineering/ IT.
• Minimum 2 Professional certifications: CIPPE / CIPM / CIPT / CDPSE, CISA, CISM, PCI-QSA, CISSP, SABSA.
• 12+ years working experience working in a large financial institution/ bank with minimum 4 years’ experience within a compliance, legal, audit and/or risk function, with recent experience in data protection projects/implementation.                                                                                           
• Familiarity with advanced Data Privacy and Protection technologies, risk, threat and vulnerability assessments, and security measures. 
• Strong experience and knowledge across the Data Privacy and Protection domains including governance, policy procedures, compliance management, risk management and Data Breach response etc.

Comprehensive knowledge of Data Privacy and Protection regulatory and compliance requirements across various industries and how they influence the bank's DPP strategy.