Digital Security Manager.MGN Egy - Information Security Governance.Risk Man at Mashreq Careers
Egypt
Full Time


Start Date

Immediate

Expiry Date

18 Apr, 26

Salary

0.0

Posted On

18 Jan, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Risk Management, Security Awareness, Compliance, Incident Response, Access Control, Vendor Risk Management, Cloud Computing, Application Security, Secure Coding Practices, Communication Skills, Stakeholder Engagement, Training and Awareness, Security Policies, Regulatory Compliance, Continuous Improvement

Industry

Banking

Description
1 Job Title

Digital Security Manager (BISO)

Department: RBG
Direct Supervisor: Head of Business department, dotted line to Group CISO
Job Grade: L 2

Job Purpose

The BISO (Business Information Security Officer) shall act as a conduit between business, technology and information security groups, embedding security into the fabric of Mashreq and fostering a proactive and collaborative approach to managing information security risks across departments. The BISO plays a crucial role in promoting a culture of security awareness and compliance within their respective areas, ensuring the security of business operations, information assets, and technology infrastructure at strategic and operational levels. The BISO shall enable secure and resilient business digital transformation by partnering with information security group functions, positioning themselves as a trusted advisor to business leaders, translating security policies and procedures into actionable activities that align with business objectives, and managing residual risks within the approved risk appetite.

3 Dimensions

Operating Budget
Number of Staff
Capital Exp. Budget
Others

4 Key Result Areas

Advocate for Information Security: Serve as an advocate for security within < Business Name>, promoting the importance of adhering to security policies, procedures, and best practices. Be a strategic leader developing information security strategies aligned with business goals. Advocate for and gain support from key stakeholders across < Business Name> to integrate security as a business enabler.

Feedback and Communication: Serve as a liaison between < Business Name> and the Information Security team globally and regionally, providing feedback, insights, and concerns from colleagues to inform security decision-making and initiatives. Act as a trusted advisor to < Business Name> leadership, providing guidance on information security risks and mitigation strategies. Communicate security risks and solutions effectively to non-technical audiences.

Training and Awareness: Partner with < Business Name> unit leaders to embed security awareness into the overall business culture. Help educate < Business Name> colleagues about security risks, threats, and best practices through training sessions, workshops, and regular communications. Collaborate with the Information Security team to develop and implement security awareness campaigns tailored to the specific needs and challenges of < Business Name>.

Policy Compliance: Ensure that < Business Name> activities and processes comply with the organization's information security policies, standards, and guidelines, as well as regulatory requirements across all locations where Mashreq is present and industry-specific requirements such as PCI-DSS or SWIFT CSP.

Risk Identification and Reporting: Identify and report security risks, vulnerabilities, incidents, and concerns to the appropriate channels, such as the Information Security team or < Business Name> management.

Security Incident Management: Coordinate with the Information Security team during security incidents impacting < Business Name> to provide relevant information, support, and assistance as needed. Assist in incident response efforts within < Business Name>, such as facilitating communication with the Information Security team, documenting incidents, and implementing remediation measures.

Security Controls Implementation: Assist in the implementation and maintenance of security controls and measures within < Business Name>, such as access controls, encryption, and monitoring tools. Oversee the application of security measures to ensure comprehensive protection of software and IT infrastructure.

User Access Management: Actively support the development of a role-based access control model for < Business Name> with the bank's IAM teams. Help to manage user access and permissions within < Business Name>, ensuring that access rights are granted appropriately and revoked when no longer needed.

Vendor and Third-Party Risk Management: Assist in evaluating the security posture of vendors and third-party service providers that interact with < Business Name> and ensure that appropriate security measures are in place.

Continuous Improvement: Actively participate in security improvement initiatives and provide feedback to enhance security processes, controls, and awareness efforts across < Business Name>.

5 Operating Environment, Framework and Boundaries, Working Relationships

Operating environment: All the locations where < Business Name> is operational.
Frameworks: Information security policy manual, regulations, industry best practices and contractual requirements.
Working Relationship: All Business, Governance, Enabling and Control groups.

6 Problem Solving

Ability to enable frameworks, solutions, and processes for proactive management of information security risks.
Ability to understand regulatory language and take decisions on applicability, compensating controls and residual risk.
Ability to derive residual risk and controls based on a defense-in-depth strategy and systemic risk while taking risk and control decisions.

7 Decision Making Authority & Responsibility

Consult and validate recommendations to mitigate information security risks to < Business Name>.
Consult and provide recommendations to mitigate the risk to a level aligned with the risk appetite of the bank and < Business Name>.
Ensure compliance with regulatory expectations and avoid regulatory penalties.
Confirm adequacy of the controls against internal information security policy, standards and applicable regulatory requirements.

8 Knowledge, Skills, and Experience

Essential knowledge

Around 8-10 years of experience in a Banking or highly regulated industry environment, including familiarity with , and over 5-10 years of experience in information security or technology risk management.
Extensive knowledge of the Software Development Life Cycle (SDLC), with a focus on integrating security at each phase, through design, development, testing, and deployment.
Strong understanding of Computer Science principles and practical expertise in application security and secure coding practices (e.g., OWASP Top 10, DevSecOps, etc.).
Strong understanding of securing software-defined networks (SDN), software-defined infrastructure (SDI), containerized environments, cloud computing and operating system security.
Executive presence, and the ability to foster relationship management, negotiate and influence.
Effective communication skills, both written and verbal, and the ability to translate security principles into business terms.
Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.
Knowledge of information security regulatory and compliance requirements.

Skills and Application

Leads the development and implementation of comprehensive information security strategies that address identified risks and compliance requirements inside < Business Name>, in alignment with the Information Security Group.
Oversees the < Business Name> incident response plan, ensuring it is regularly updated and tested to respond effectively to incidents.

Strategic Insight

Integrates information security considerations into < Business Name> strategies, recognizing the importance of information security in achieving < Business Name> objectives and competitive advantage.
Communicates the strategic value of Data Privacy and Protection investments to executive leadership and key stakeholders, advocating for resources and support to strengthen the organization's capabilities.
Cultivates an organizational culture inside < Business Name> that prioritizes and encourages proactive information security practices and continuous improvement across all departments.
Responsibilities
The Digital Security Manager will act as a liaison between business, technology, and information security groups, ensuring the security of business operations and information assets. They will promote a culture of security awareness and compliance while managing information security risks across departments.