JOB DESCRIPTION
Job Purpose
The Cyber Security Awareness Specialist plays a critical role in maturing Mashreq Bank’s cyber security awareness program. The specialist is responsible for fostering a culture where cybersecurity is embedded in employees' roles in protecting the Bank’s assets and information, and for integrating cybersecurity awareness into the bank's broader security strategy, ensuring a proactive and informed workforce that upholds the bank’s commitment to data protection and risk management.
Key Responsibilities include:
- Develop and deliver a Cybersecurity Training program.
- Plan and execute Cybersecurity Awareness Campaigns to promote cybersecurity.
- Advocate for cybersecurity policies and best practices.
- Monitor training effectiveness and report on progress.
- Collaborate with stakeholders to foster a cybersecurity-conscious culture.
Training Development and Delivery
- Develop, implement, and maintain cybersecurity awareness training programs tailored to the bank's needs.
- Create engaging and innovative content, including e-learning modules, videos, infographics, and interactive sessions.
- Deliver in-person or virtual workshops and presentations to educate employees on cybersecurity risks and best practices.
- Design and implement methods to measure the impact and effectiveness of training programs, ensuring continuous improvement.
Awareness Campaigns
- Plan and execute cybersecurity awareness campaigns aligned with the bank's goals and global cybersecurity events (e.g., Cybersecurity Awareness Month).
- Develop and distribute communication materials such as newsletters, posters, and email alerts to promote awareness.
- Collaborate with marketing and HR teams to ensure consistent and aligned messaging across the bank.
Phishing Simulations and Assessments
- Conduct phishing simulation exercises to assess employees' awareness levels and identify areas for improvement.
- Analyze simulation results and provide targeted recommendations and additional training where needed.
- Assist in developing risk mitigation strategies based on identified vulnerabilities.
Policy and Best Practice Advocacy
- Promote adherence to cybersecurity policies and procedures across the bank.
- Act as a liaison between the IT/security team and employees, ensuring clear guidance on security policies and fostering two-way communication to address concerns and feedback.
Monitoring and Reporting
- Track and analyze the effectiveness of training programs and campaigns using metrics, feedback, and incident data to identify trends and opportunities for improvement.
- Provide regular reports to management, detailing progress, successes, and areas for improvement.
- Stay updated on emerging cybersecurity threats and trends to enhance training content.
Collaboration and Leadership
- Work closely with key stakeholders and leadership teams to align awareness programs with the bank's goals.
- Act as a cybersecurity ambassador, fostering a proactive and security-conscious culture.
Continuous Improvement
- Actively participate in security improvement initiatives and provide feedback to enhance security processes, controls, and awareness efforts across the bank.
Operating Environment, Framework and Boundaries, Working Relationships
- Operating environment: All Mashreq Bank locations
- Frameworks: Information security policy manual, CBUAE and local regulations, industry best practices and contractual requirements.
- Working Relationship: All Business, Governance, Enabling and Control groups.
Problem Solving
- Ability to assess IS Governance, Policy and Procedure Standards for a banking environment.
- Ability to assess the applicability of IS regulatory requirements.
- Ability to consult and provide solutions to business and technology that mitigate IS risks.
- Collaborate with cross-functional teams to develop solutions addressing systemic risks and ensuring a cohesive defense-in-depth approach.
- Ability to derive residual risk and control based on a defense-in-depth strategy and systemic risk while taking risk and control decisions.
Decision Making Authority & Responsibility
- Influences policy adherence, regulation applicability, scoping and control decisions.
- Consult and provide recommendations to mitigate the risk to a level aligned with the risk appetite of the bank.
- Assure compliance with regulatory expectations and avoid regulatory penalties.
- Confirm adequacy of the controls against internal information security policy, standards and applicable regulatory requirements.
Knowledge, Skills, and Experience
Essential knowledge
- Have a minimum of 10 years of experience in cybersecurity awareness, training, or related roles, preferably within the banking or financial services industry.
- Strong knowledge of cybersecurity principles, threats, and best practices.
- Excellent communication, presentation, and interpersonal skills.
- Proficiency in using tools for creating digital training materials (e.g., e-learning platforms, video editing software).
- Familiarity with phishing simulation tools, wargaming tools (e.g., Defender, Conducttr) and methodologies.
- Experience managing relationships with senior leaders and executives.
- Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.
- Knowledge of information security regulatory and compliance requirements.
Skills and Application
- Support the development and implementation of a comprehensive information security awareness program in alignment with the Information Security Group strategy.
- Oversee the awareness program and ensure key metrics are managed within the risk appetite level.
Strategic Insight
- Cultivate an organizational culture that prioritizes and encourages proactive information security practices and continuous improvement across all departments.
- Integrate information security considerations into ISG strategies, recognizing the importance of information security in achieving ISG objectives and competitive advantage.
- Communicate the strategic value of Information Security and Data to executive leadership and key stakeholders, advocating for resources and support to strengthen the bank's capabilities.
Key Competencies
- Creativity and ability to craft engaging, informative materials for diverse audiences.
- Analytical skills to assess training effectiveness and identify risks.
- Strong organizational and project management skills.
- A proactive mindset and enthusiasm for fostering a culture of cybersecurity awareness.
- Professional certifications: CISA, CISM, CISSP, CRISC, ISO 27001 LA/LI, etc.