Information Security Manager

Job Purpose

Management:

- To Strategize, develop and implement Data Protection Controls in coordination with stakeholders across the Organization globally.
- To ensure compliance of the Organization with the defined policy & framework with a data driven approach

Execution

- To ensure that the protection operations are executed effectively in a timely manner and with required quality
- Assists in the development and implementation of Data Protection strategic initiatives. Leads all Data protection related tasks with effective monitoring and protection of information security assets.

Manager – Data Protection has overall responsibility to coordinate and support the Head of Data Privacy and Protection to achieve organization’s Protection strategy and goals.

He/she is a T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management.

Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place.

Key result Areas

- Develop and coordinate with stakeholder (internal/external) to implement Data Protection policies, procedures, and protocols.
- Collaborate with internal departments, such as human resources, business and IT, to ensure compliance with security protocols and standards.
- Drive the creation of a comprehensive data protection framework, ensuring compliance with applicable data security laws.
- Develop and maintain metrics (Key Performance / Risk Indicators) for measuring effectiveness of the managed solution and reporting to key stakeholders.
- Work closely with legal and compliance teams to manage risk, breaches, and audits related to data protection.
- Advice on implementation robust security controls across all stages of the data lifecycle, including data collection, storage, processing, transmission, and destruction.
- Ensure the use of encryption (at rest, in transit) and secure key management strategies.
- Apply anonymization and pseudonymization techniques where required to mitigate privacy risks.
- Collaborate with IT teams to integrate security measures into application and system design from the outset (security by design).
- Good understanding/hands-on knowledge of DLP solution and data classification concepts.
- Raise awareness and provide training about information handling rules to end-users;
- Design and implement controls to reduce information risk and coordinate remediation actions with the support of the business;
- Gather and document business and security requirements, identify and define opportunities and lead the development and implementation of Data Protection Controls that meet business needs.
- Establish an exception management process for scenarios where data protection policies cannot be fully enforced.
- Evaluate and approve security exceptions, ensuring that any deviations from standards are properly justified, documented, and risk-assessed.
- Monitor and review approved exceptions regularly to ensure ongoing security and compliance.

Knowledge, Skills and Experience

Essential knowledge

- Graduate/ Post Graduate degree in Science/ Engineering/ IT.
- Minimum 2 Professional certification related to Information Security like CISM / CISSP./CASP+/ CEH / CCSP
- 8+ years Information Security experience in large financial institution/ banks with minimum 5 years’ experience within Compliance, audit and/or risk function, with recent experience in Data protection projects implementation.
- In-depth knowledge of data encryption, anonymization, pseudonymization techniques.
- Strong understanding of security controls required at different stages of the data lifecycle.

Skills and Application

- Coordinate with internal stakeholders and cross-functional teams to execute Protection initiatives, ensuring that projects are completed on time and achieve desired outcomes.
- Excellent communication skills with the ability to work cross-functionally with different teams.

Strong analytical skills and the ability to evaluate the effectiveness of implemented security measures