To develop, manage, and execute Information Security Governance, Risk and Compliance across Mashreq to – Contribute strategically to the bank’s success and enable the business and technology strategy of the bank to expand with secure and reliable service offering. Navigate compliance complexities and support compliance with information security requirements across regions, Ensure the confidentiality, integrity, and availability of our sensitive information and IT assets and a proactive approach to build a resilient security posture and Empower a security-conscious culture - all while.
Manager IS Governance, Risk and Compliance (IS GRC) has overall responsibility for information security governance, risk and compliance management and supporting Head of IS GRC to achieve organization’s security strategy and goals. He / She is deputy of the Head of IS GRC. Manager of IS GRC is a T-Shaped expert with proven skills in most core capability areas of IS GRC: Policy, Governance and Culture, Cyber Strategy & Program Management and Risk and Compliance. She / He will actively develop his expertise and leadership in other capability area to cover all GCR scope, including by rotating roles between Managers of IS GRC. Manager of IS GRC will lead a Center of Excellence in his area of primary focus and supports the growth of T-Shaped expertise in the CoE. Performance evaluation of the role will be based on the positive impact on the bank in terms of risk reduction instead on the effort put in place. Key Result Areas Risk Life-Cycle Management: Define risk lifecycle management process for the bank in alignment with ERM and ORM and enable the same in ISG GRC solution to support the unit. Act as a trusted advisor to Business when supporting risk-based decisions. Support in developing and implementing, in collaboration with ERM and ORM, a Risk Appetite lifecycle framework to ensure continuous alignment with business needs, the internal and external threat landscape, and regulatory requirements. Assure Information Security exceptions are documented, effectively assessed and approved from respective risk owners and tracked for closure.
Third-party Risk Management: Oversee the management of third-party risks. Ensure that all third parties that the organization deals with comply with the organization’s information security requirements and in alignment with Bank’s TPRM framework. Support in performing Security risk assessments as per annual plan and ensure documentation of all key risks in GRC platform for tracking and remediation tracking.
- Cyber Risk Management:
- Support in managing the organization’s cyber risks by having a mechanism to identify the key cyber risk to the organization and documenting and reporting to effectively tracked for closure.
General Support in maintaining a GRC roadmap and in presenting progress bi-monthly to the Head of IS GRC. Demonstrate adoption of ISG vision, mission, key principles, cultural and operational objectives. Support actively key ISG transverse initiatives. Support in managing main GRC Run The Bank and Change The Bank agenda to deliver quality results, on time and budget. Escalate in advance any alert, risk, critical dependency, and issue that arise with options for their management to ensure pro-active management and no surprises. Ensure preparation, execution and follow-up of regulatory examinations, audits, and assessment. Those reviews shall not result in any critical or high-risk issue for ISG or for ISG GRC. Ensure closing of all legal, regulatory and audit issues with the expected level of quality, in time and budget.
|