AVP - Governance Risk & Compliance - Information Security Group

Key Responsibilities:1. Information Security Governance- Develop, implement, and maintain the Information Security Governance Framework in alignment with business strategy and regulatory requirements.- Define, review, and update security policies, standards, and guidelines to ensure relevance and effectiveness.- Establish and monitor key performance indicators (KPIs) and key risk indicators (KRIs) for the bank's information security posture.- Ensure that the bank's security initiatives are consistent with business goals, risk appetite, and industry best practices (e.g., ISO 27001, NIST, COBIT).- Lead governance forums and management reviews on information security matters, ensuring timely escalation and decision-making.2. Risk Management- Oversee and continuously enhance the Information Security Risk Management Program to identify, assess, mitigate, and monitor cyber and technology risks.- Conduct regular risk assessments of critical systems, processes, and third-party vendors to ensure proper risk treatment and remediation.- Support business and IT units in understanding and managing their security risks in line with enterprise risk management (ERM) principles.- Provide input into the bank's risk register and ensure alignment between technology and operational risk functions.- Promote a proactive risk culture that focuses on prevention, detection, and resilience.3. Compliance Management- Ensure compliance with applicable regulatory and legal requirements (e.g., UAE Central Bank, NESA, GDPR, PCI DSS) and internal security policies.- Liaise with regulators, auditors, and external assessors on all information security governance, risk, and compliance matters.- Coordinate and oversee periodic internal and external security audits, assessments, and certifications.- Drive remediation of audit findings and ensure timely closure of identified gaps.- Maintain awareness of emerging regulatory and compliance trends in cybersecurity and data protection.4. Cyber Strategy & Program Management- Support the Head of IS GRC in defining and executing the bank's cybersecurity strategy and roadmap.- Oversee program and project governance, ensuring alignment with security architecture, IT operations, and digital transformation initiatives.- Lead initiatives to embed security by design into all technology and business processes.- Drive continuous improvement through maturity assessments, benchmarking, and adoption of new technologies and frameworks.5. Culture, Awareness & Leadership- Promote a security-conscious culture by designing and implementing awareness and training programs across all levels of the organization.- Lead a Center of Excellence (CoE) within IS GRC, focusing on developing expertise, frameworks, and automation in governance and compliance processes.- Mentor and develop team members to become T-shaped professionals, capable of contributing across multiple domains of GRC.- Act as the deputy to the Head of IS GRC, representing the function in governance committees and strategic forums when required.Qualifications, Skills, and Experience:- Bachelor's or Master's degree in Information Security, Computer Science, Information Technology, or a related discipline.- 8-12 years of experience in Information Security Governance, Risk, and Compliance roles within the banking or financial services industry.- In-depth understanding of information security frameworks (ISO 27001, NIST CSF, COBIT, ITIL) and risk management methodologies.- Proven experience in managing security compliance programs across multiple jurisdictions.- Strong grasp of cybersecurity regulatory requirements in the UAE and other global markets.- Professional certifications such as CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor are highly desirable.- Excellent communication, stakeholder management, and influencing skills.- Demonstrated leadership and mentoring capabilities in a matrix or cross-functional environment.- Strong analytical and strategic thinking abilities with a focus on delivering measurable results. (ref:iimjobs.com)