Mashreq - Senior Manager - Information Security - Risk Management - GRC

2 weeks ago


Bengaluru, India Mashreq Global Services Private Limited Full time

Security Risk Management:
- Develop, implement, and maintain the Information Security Risk Management Framework, ensuring alignment with the bank's enterprise risk management (ERM) strategy.
- Identify, assess, and monitor information security and cyber risks across the bank's business units, technology platforms, and third-party relationships.
- Define risk appetite, tolerance levels, and key risk indicators (KRIs) in collaboration with senior stakeholders.
- Ensure consistent application of risk assessment methodologies (qualitative and quantitative) across the organization.
- Conduct regular risk reviews and control effectiveness assessments for critical systems and processes.
- Collaborate with IT, Operations, and Business functions to embed security risk management into strategic initiatives, projects, and daily operations.

Risk Reporting & Governance:
- Develop and maintain a centralized reporting framework for security risks, control effectiveness, and risk mitigation progress.
- Generate timely and accurate reports, dashboards, and executive summaries for senior management, risk committees, and the Board.
- Provide clear insights on key security risks, emerging threats, and trends to support strategic decision-making.
- Track and monitor remediation of identified risks and ensure closure of risk mitigation actions within defined timelines.
- Define and maintain documentation and evidence supporting compliance with internal policies and regulatory requirements.

GRC Automation & Process Enablement:
- Design and implement automation initiatives to streamline risk management, monitoring, and reporting processes.
- Lead the deployment, configuration, and optimization of GRC tools (e.g., Archer, ServiceNow GRC, MetricStream, or similar) to enhance operational efficiency and risk visibility.
- Integrate GRC tools with other enterprise systems for seamless data flow, real-time updates, and automated reporting.
- Develop and maintain automated workflows, dashboards, and analytics for improved risk management insights.
- Drive continuous improvement by leveraging data analytics and automation for proactive risk detection and predictive risk management.

Policy, Standards, and Compliance Alignment:
- Ensure information security risk management processes comply with internal policies, regulatory mandates, and industry frameworks such as NIST, ISO 27001, COBIT, and FFIEC.
- Support audits, regulatory reviews, and assurance exercises by providing necessary documentation and evidence.
- Collaborate with compliance and audit teams to address findings and ensure closure of gaps.

Leadership & Stakeholder Engagement:
- Provide subject matter expertise and guidance to business units on information security risk management practices.
- Act as a key liaison between ISG, Enterprise Risk, Compliance, and Business units.
- Mentor and develop junior GRC team members to enhance analytical, technical, and reporting capabilities.
- Support the Head of IS GRC in strategic initiatives, governance reviews, and regulatory

Skills, and Experience:
- Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or related field.
- Minimum 8-10 years of experience in Information Security Risk Management, GRC, or Cybersecurity Governance within the banking or financial services industry.
- In-depth knowledge of information security frameworks and standards (NIST, ISO 27001, COBIT, CIS).
- Proven experience implementing or managing GRC platforms (RSA Archer, ServiceNow GRC, MetricStream, or similar).
- Strong understanding of risk quantification methodologies, cyber risk assessment, and metrics-based reporting.
- Experience with data analytics tools and automation (e.g., Power BI, Tableau, or Python-based reporting) is an advantage.
- Familiarity with regulatory requirements such as UAE Central Bank, NESA, GDPR, PCI DSS.
- Relevant certifications such as CISM, CRISC, CISSP, CGEIT, or ISO 27001 Lead Implementer are highly desirable.
- Excellent communication, analytical, and presentation skills with the ability to influence senior stakeholders.
- Strong leadership and project management capabilities.

(ref:iimjobs.com)


