Position Summary
The Information Security – Cyber Organization Alignment & Compliance role is responsible for aligning information security practices with the bank’s enterprise risk management strategy, regulatory requirements, and governance frameworks. The role drives Information Security Governance, Risk, and Compliance (GRC) initiatives, ensuring effective risk tracking, compliance monitoring, RCSA execution, exception management, and accurate reporting. The position ensures governance and compliance standards are embedded across the organization while continuously improving the bank’s security posture.
Key Responsibilities
Governance, Risk, and Compliance
- Ensure compliance with internal policies, external regulatory requirements, and industry standards.
- Identify, assess, and manage information security risks in collaboration with business units.
- Perform risk trend analysis and provide regular reports to senior stakeholders.
- Oversee internal and external compliance audits and ensure adherence to obligations.
Policy Exception Management
- Develop and maintain a robust policy exception management process with defined documentation, approval, and expiration workflows.
- Conduct risk assessments for proposed policy exceptions to evaluate potential compliance and security impacts.
- Collaborate with stakeholders to implement compensating controls and ensure timely closure of exceptions.
- Regularly review approved exceptions and recommend improvements.
Risk Control Self-Assessments (RCSA)
- Coordinate periodic RCSAs across business units to identify and evaluate risks.
- Compile and analyze results, providing actionable recommendations.
- Monitor follow-ups to ensure the effectiveness of mitigation controls.
Offshoring Reporting
- Maintain accurate reporting of offshoring activities in line with regulatory requirements.
- Assess and mitigate risks related to offshore operations by ensuring proper controls are in place.
- Develop streamlined reporting mechanisms for internal and external stakeholders.
ISG Service Portfolio Management
- Maintain and update the ISG service catalog to reflect business needs and technological changes.
- Track ISG service performance against SLAs and KPIs, recommending improvements as required.
Compliance Management
- Oversee bank-wide information security compliance activities.
- Map regulatory obligations (e.g., GDPR, PDPL, local laws) and ensure adherence.
- Track and manage compliance incidents and exceptions using GRC tools.
Operating Environment & Stakeholder Engagement
Operating Environment:
All Mashreq Bank locations and regions of operation.
Frameworks:
Information Security policies, regulatory guidelines, contractual requirements, and industry best practices.
Stakeholders:
Business units, governance teams, enabling functions, and control groups.
Problem Solving & Decision-Making
- Develop frameworks, solutions, and processes for proactive risk management.
- Interpret regulatory language to determine applicability, compensating controls, and residual risk.
- Evaluate systemic and residual risks based on defense-in-depth strategies.
- Recommend risk mitigation strategies aligned with the bank’s risk appetite.
- Ensure compliance in order to prevent regulatory penalties, and confirm the adequacy of controls against policies and standards.
Knowledge, Skills, and Experience
Qualifications & Experience
- 11+ years of experience in a banking environment, with at least 3 years in information security.
- Strong understanding of information security technologies, risk assessments, and compliance processes.
- Proven experience with GRC frameworks such as ISO 27001, NIST, GDPR, PDPL.
- Professional certifications such as CISA, CISM, CISSP, CRISC (preferred).
Skills
- Strong analytical, problem-solving, and risk assessment skills.
- Excellent communication and interpersonal abilities for engaging stakeholders.
- Ability to manage multiple priorities and projects effectively.
- Proficiency in security tools, technologies, and reporting systems.
Strategic Insight
- Promote a culture of security awareness and compliance across the organization.
- Drive continuous improvement in the bank’s information security posture.
- Ensure effective risk mitigation and alignment with business and regulatory objectives.