Senior Manager, IS Governance.MGN Egy - Information Security Governance.Risk Management-MEGPCOE
Mashreq.com
Office
Egypt
Full Time
This job's primary focus is developing, managing and executing Information Security Governance, Risk and Compliance across Mashreq in order to:
- Contribute strategically to the bank's success and enable the bank's business and technology strategy to expand with secure and reliable service offerings;
- Navigate compliance complexities and support compliance with information security requirements across regions;
- Ensure the confidentiality, integrity and availability of sensitive information and IT assets through a proactive approach to building a resilient security posture; and
- Empower a security-conscious culture - all while.
The Sr. Manager, IS Governance, Risk and Compliance (IS GRC) has overall responsibility for information security governance, risk and compliance management and supports the Head of IS GRC in achieving the organization's security strategy and goals. He / She deputizes for the Head of IS GRC.
The Sr. Manager of IS GRC is a T-shaped expert with proven skills in most core capability areas of IS GRC: Policy, Governance and Culture; Cyber Strategy & Program Management; and Risk and Compliance. She / He will actively develop expertise and leadership in the other capability areas to cover the full IS GRC scope, including by rotating roles among the Sr. Managers of IS GRC.
Policy, Governance & Culture
- Information Security Framework, Policy, and Standards:
- Lead the development and implementation of a comprehensive information security framework, policies, and standards to ensure the organization’s information assets are adequately protected.
- Enable the mechanism to assess, monitor and report on implementation status.
- Ensure group practices are in line with security standards and frameworks such as ISO 27001, NIST and others.
- Security Governance and Reporting:
- Ensure timely, high-quality preparation, delivery and follow-up of the key ISG committees, including the Information Security Committee, Business Engagement meetings, ORC and BRC; obtain all prerequisite reviews and approvals in a timely manner.
- Manage actions from those committees with proper tracking and timely closure.
- KPI & KRIs:
- Enable and monitor key security metrics, Key Performance Indicators (KPIs), and Key Risk Indicators (KRIs) as required to measure the effectiveness of the information security program.
- Cyber Culture:
- Promote a culture of cyber security awareness across the organization.
- Develop and deliver training programs to enhance employees’ understanding of cyber threats and preventive measures.
- Facilitate and foster activities to create information security culture and behavior across the organization.
- Ensure training and learning requirements are assessed for staff, and that the required training and awareness are captured and delivered, so that the organization has the necessary skills to manage cyber risks.
- Peer Security Engagement:
- Collaborate with peers across the organization to share and implement best practices for information security.
- Foster a culture of continuous learning and improvement.
- Develop and implement, in collaboration with at minimum FP&I, HR and Communications, a security behavior and culture program.
- Update and align existing content, particularly online and induction training, to ensure continuous alignment with business needs, the internal and external threat landscape, and regulatory requirements.
- Audit Support:
- Prepare the Information Security department for internal and external audits and be on the front line supporting audit activities.
- Manage internal and external audits of ISG; track and manage timely remediation.
- Drive security enhancements to ensure the organization stays ahead of peers in terms of information security posture.
- Global Support:
- Support regional CISOs with governance activities, including the formulation of, and adherence to, local policies and procedures in line with Group policies and local regulatory requirements.
- ESG (Environmental, Social, and Governance):
- Ensure that the organization’s cyber security policies align with ESG principles.
- Monitor the impact of these policies on the organization’s ESG performance and reporting as required.
- Help the Head of IS GRC with content for management and board committees and other management submissions.
Cyber Strategy & Program Management
- Cyber Strategy:
- Support the Head of IS GRC in developing and managing the bank's 3-year Information Security strategy.
- Update it annually based on changes in business priorities and the evolving threat and risk universe.
- Regularly review the organization's cyber security practices, policies and procedures and provide feedback so that they reflect changes in the cyber threat landscape.
- Cyber Planning & Budgeting:
- Support the Head of IS GRC in budget planning and in managing the ISG budget and expenses globally.
- Cyber Strategic Initiative/Program Management (PM):
- Oversee the implementation of cyber security initiatives sponsored by the Head of Information Security, ensuring their successful completion in line with strategy, budget approvals and business priorities.
- Security Service Management:
- Manage the Information Security services related to IS GRC, and review and provide feedback on other ISG information security services, to ensure that these services effectively mitigate cyber risks and comply with relevant regulations.
- Cyber Workforce Alignment/Talent Management:
- Align the cyber security workforce with the organization’s needs.
- Consult with business heads to enable BISOs (Business Information Security Officers) to drive Mashreq's information security and privacy agenda within their business units.
- Cyber Organization Alignment:
- Align the organization’s cyber security strategies and policies with its business objectives.
- Ensure that all departments understand and adhere to important cyber security protocols.
- Bank’s Security Posture Management and Benchmarking:
- Regularly assess and benchmark the organization’s security posture against the industry and peers.
- Cyber Best Practice Sharing:
- Regularly share updates on the latest cyber security best practices.
- Encourage teams to incorporate these practices into their daily operations.
- Cyber Risk Quantification:
- Quantify the organization's cyber risks, using qualitative or quantitative methods to assess their potential impact on the organization.
- Internal IS Controls & Reporting:
- Enable the Information Security control framework for the bank and report regularly on the effectiveness of its controls.
Risk & Compliance
- Risk Life-Cycle Management:
- Define the risk lifecycle management process for the bank in alignment with ERM and ORM, and enable it in the ISG GRC solution to support the unit.
- Act as a trusted advisor to the business when supporting risk-based decisions.
- Develop and implement, in collaboration with ERM and ORM, a risk appetite lifecycle framework to ensure continuous alignment with business needs, the internal and external threat landscape, and regulatory requirements.
- Ensure Information Security exceptions are documented, effectively assessed, approved by the respective risk owners and tracked to closure.
- A mid-to-senior-level officer with sound knowledge and expertise in information security risk management, with experience managing enterprise projects and in direct and indirect relationships with senior and executive management.
- Strong experience and knowledge across the Information Security and Cyber Security domains, including governance, policies and procedures, compliance management, risk management and security incident response.
- Strong experience in a banking environment, with a strong understanding of key security frameworks such as the ISO 27001 family, the NIST SP 800 series, PCI DSS, SWIFT CSP and COBIT.
- Strong interpersonal, analytical and technical skills, with strong decision-making and prioritization skills.
- Sound knowledge of evolving advanced technology stacks and their related control and risk universe.
- Sound knowledge and expertise in conducting risk assessments.
- Over 12 years of experience in the information security domain, with at least 2-3 years of dedicated experience in one of the GRC domains (Policy, Governance and Culture; Cyber Strategy & Program Management; Risk and Compliance).
- Master’s degree in IT/Information Security
October 8, 2025