Senior Manager, IS Governance

 Posted an hour ago
  
 Egypt
  
10+ years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Ensure strategic alignment of Information Security GRC initiatives with the bank's risk strategy, regulatory obligations, and ESG commitments. Drive risk tracking, policy exception management, and the automation of GRC processes to enhance security posture and visibility.

Job Purpose:

The role is to ensure strategic alignment of Information Security GRC initiatives with the bank’s risk management strategy, regulatory obligations, governance frameworks and the organization’s enterprise ESG commitments. The role drives Information Security GRC initiatives to strengthen the security posture while ensuring compliance and organizational alignment through:

•                Risk tracking and compliance monitoring

•                Policy exception management

•                RCSA coordination

•                Offshoring risk reporting

The position also leverages automation to streamline Information Security GRC processes, enhance risk visibility, and maintain accurate reporting across the Information Security Group (ISG).

The role ensures that information security governance, risk, compliance, and reporting practices demonstrably support ESG governance and social objectives, without duplicating or replacing the responsibilities of the corporate ESG function.

This role operationalizes ESG-relevant cybersecurity controls, metrics, disclosures, and assurance activities within ISG, ensuring readiness for regulatory, investor, and board-level ESG scrutiny. Also support AVP – ISG GRC in preparing executive, board, and regulatory ESG-related cybersecurity governance responses.

Key Result Areas:

Governance, Risk, Compliance:

  • Ensure adherence to internal policies, regulatory requirements, and industry standards. 

  • Identify, assess, and manage information security risks across business units. 

  • Maintain compliance documentation and evidence for audits.

 

Policy Exception Management:

  • Develop and maintain a comprehensive process for managing policy exceptions, including documentation, expiration date and approval workflows.

  • Ensure all policy exceptions are properly documented, reviewed, and approved in accordance with organizational standards.

  • Perform risk assessments for proposed policy exceptions to evaluate their potential impact on compliance and security. 

  • Work with stakeholders to communicate policy exception process, develop compensating controls for policy exceptions, and ensure timely closure.

  • Regularly review and monitor granted exceptions to ensure compliance with the terms and conditions.

  • Conduct periodic audits to assess compliance with approved exceptions and identify deviations for remediation. 

 

Risk Control Self Assessments 

  • Coordinate and ensure regular risk control self-assessments across various business units to identify and evaluate potential risks.

  • Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations.

  • Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures.

 

Offshoring Reporting

  • Maintain accurate and timely reporting of offshoring activities

  • Ensure alignment with regulatory reporting requirements, and supporting the organization’s compliance posture concerning offshore operations

  • Establish streamlined reporting mechanisms that meet both internal and external requirements.

  • Assess and manage the risks associated with offshoring arrangements. Ensure that appropriate controls and mitigations are in place to address any regulatory or compliance risks tied to offshore activities.

 

GRC Function Automation: 

  • Be the owner of the bank’s GRC platform for ISG and oversee the management of the bank’s IS GRC solution. 

  • Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability

  • Enable centralized knowledgebase and GRC solution to automate Information Security activities and governance process with a centralized risk register, risk reports and dashboards related to overall risk posture for specific location and business unit. 

  • Automate the GRC functions and reduce manual efforts to provide near real time insights into risks by performing quantitative and qualitative assessments. 

  • Support local CISO’s / IS SPOCs in regulatory audit discussion and data required from ISG and enabling the local CISOs with Archer access to onboard the open issues for centralized tracking and governance.

  • Ensure that the solution is effectively used to support the organization’s information security governance, risk, and compliance activities

 

ESG–ISG Alignment Framework

 

  • Establish and maintain a formal mapping between ISG control frameworks (ISO 27001, NIST, regulatory requirements) and enterprise ESG governance and social disclosure requirements.

  • Define ESG-relevant cybersecurity control objectives and assurance artifacts.

 

ESG-Relevant Metrics and Reporting

 

  • Design cybersecurity ESG indicators (e.g., cyber risk governance, data protection maturity, incident disclosure readiness).

  • Ensure ISG reporting feeds into enterprise ESG dashboards and external disclosures where required.

  • Prepare cybersecurity governance inputs for board-level ESG and risk reporting.

  • Support CISO and VP IS GRC in responding to executive and regulator ESG inquiries.

 

ESG Assurance and Audit Support

 

  • Integrate ISG evidence collection to support ESG audits, sustainability assurance, and regulatory examinations.

  • Coordinate ISO 27001, cyber risk, and data protection assurance activities that support ESG governance reporting.

 

Policy and Standard Integration

 

  • Ensure ISG policies, standards, and procedures reflect ESG governance commitments and public disclosures.

  • Maintain consistency between internal security governance documents and enterprise ESG policy statements.

 

Stakeholder Coordination

 

  • Act as ISG liaison to the corporate ESG function.

  • Escalate material ESG-related cyber governance risks to AVP – ISG GRC for executive-level decision and disclosure consideration.

 

Regulatory and Disclosure Readiness

 

  • Monitor emerging ESG regulations relating to cybersecurity, data protection, and digital resilience.

  • Translate regulatory requirements into actionable ISG controls and reporting obligations.

 

Key Principles:

  • No ownership of enterprise ESG strategy — Alignment and integration only.

  • Evidence-driven governance — All ESG claims relating to cybersecurity must be auditable.

  • Consistency — Public ESG disclosures must match internal security practices.

  • Regulatory defensibility — Readiness for regulator, investor, and external assurance scrutiny.

  • Non-duplication — Avoid parallel ESG structures Inside ISG.

 

Operating Environment, Framework and Boundaries, Working Relationships:

  • Operating environment: All the locations where Mashreq Bank is operational

  • Information Security / Cyber Security Regulations and Industry best practices. 

  • All business units including LOD 1-3 including LOD1 – Business, Tech GRC, Technology, LOD-2 Group Compliance, Fraud Prevention, Risk Management and LOD-3 Internal Audit.

 

Problem Solving:

 

  • Translate high-level ESG commitments into concrete ISG control and reporting requirements.

  • Resolve conflicts between enterprise ESG narratives and actual ISG control maturity.

  • Design pragmatic metrics where ESG frameworks are vague or non-prescriptive.

  • Identify and remediate ESG-related cybersecurity disclosure gaps before external reporting.

  • Anticipate regulatory changes affecting cyber-related ESG obligations.

 

Decision Making Authority & Responsibility:

 

  • Consult and validate recommendations to mitigate information security risks

  • Consult and provide recommendations to mitigate the risk to a level aligned with the risk appetite of the bank.   

  • Assure compliance with regulatory expectations and avoid regulatory penalties.

  • Confirm adequacy of the controls against internal information security policy, standards and applicable regulatory requirements.

Authority:

  • Define ISG ESG integration frameworks and reporting structures.

  • Propose cybersecurity ESG metrics and control mappings for approval by AVP – ISG GRC.

  • Recommend updates to ISG policies driven by ESG obligations.

Responsibility:

  • Accuracy and defensibility of cybersecurity inputs to ESG disclosures.

  • Readiness for ESG assurance and regulatory reviews relating to cyber governance.

  • Maintaining alignment between ISG practices and enterprise ESG commitments.

Non-Authority:

  • No ownership of enterprise ESG strategy, disclosures, or sustainability programs.

  • No override of CISO or corporate ESG EVP decisions.

  • No direct authority to commit ISG or enterprise ESG disclosures without VP – ISG GRC approval.

 

Knowledge, Skills, and Experience:

 

Knowledge

  • Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures. 

  • Experience with governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, GDPR, PDPL).

  • ESG frameworks and disclosure standards (ISSB/SASB, CSRD, TCFD governance sections).

  • Regulatory cyber requirements relevant to financial or technology sectors.

  • Internal and external audit practices.

  • Hold professional certifications (e.g., CISA, CISM, CISSP, CRISC)

 

Skills

  • Control framework mapping and integration.

  • Governance documentation and evidence design.

  • Executive-level reporting and board material preparation.

  • Cross-functional stakeholder management.

  • Regulatory interpretation and translation into controls.

  • Audit and assurance readiness planning.

 

Experience

  • 8-12+ years’ experience in banking, with at least 3 years in information security. 

  • Direct involvement in ISO 27001 or equivalent certification programs.

  • Experience preparing regulatory or board-level cyber governance reporting.

  • Exposure to ESG reporting, sustainability assurance, or non-financial disclosures preferred.

  • Experience working with CISO-level stakeholders.

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified