Senior Manager IS Cyber Culture

Job Purpose The Cyber Security Awareness Specialist plays a critical role in maturing Mashreq Bank’s cyber security awareness program. The specialist is responsible for fostering a culture where Cybersecurity is embedded in their roles in protecting the Bank’s assets and information and integrating cybersecurity awareness into the bank's broader security strategy, ensuring a proactive and informed workforce that upholds the bank’s commitment to data protection and risk management. Key Responsibilities include: Develop and deliver a Cybersecurity Training program. Plan and execute Cybersecurity Awareness Campaigns to promote cybersecurity. Advocate for cybersecurity policies and best practices. Monitor training effectiveness and report on progress Collaborate with stakeholders to foster a cybersecurity-conscious culture. Key result Areas Training Development and Delivery Develop, implement, and maintain cybersecurity awareness training programs tailored to the bank's needs. Create engaging and innovative content, including e-learning modules, videos, infographics, and interactive sessions. Deliver in-person or virtual workshops and presentations to educate employees on cybersecurity risks and best practices. Design and implement methods to measure the impact and effectiveness of training programs, ensuring continuous improvement. Awareness Campaigns Plan and execute cybersecurity awareness campaigns aligned with the bank goals and global cybersecurity events (e.g., Cybersecurity Awareness Month). Develop and distribute communication materials such as newsletters, posters, and email alerts to promote awareness. Collaborate with marketing and HR teams to ensure consistent and aligned messaging across the bank. Phishing Simulations and Assessments Conduct phishing simulation exercises to assess employees' awareness levels and identify areas for improvement. Analyze simulation results and provide targeted recommendations and additional training where needed. Assist in developing risk mitigation strategies based on identified vulnerabilities. Policy and Best Practice Advocacy Promote adherence to cybersecurity policies and procedures across the bank. Act as a liaison between the IT/security team and employees, ensuring clear guidance on security policies and fostering two-way communication to address concerns and feedback. Monitoring and Reporting Track and analyze the effectiveness of training programs and campaigns using metrics and feedback, and incident data to identify trends and opportunities for improvement. Provide regular reports to management, detailing progress, successes, and areas for improvement. Stay updated on emerging cybersecurity threats and trends to enhance training content. Collaboration and Leadership Work closely with key stakeholders and leadership teams to align awareness programs with the bank goals. Act as a cybersecurity ambassador, fostering a proactive and security-conscious culture. Continuous Improvement: Actively participate in security improvement initiatives and providing feedback to enhance security processes, controls, and awareness efforts across the bank. Knowledge, Skills and Experience Essential knowledge Have a minimum of 10 years of experience in cybersecurity awareness, training, or related roles, preferably within the banking or financial services industry. Strong knowledge of cybersecurity principles, threats, and best practices. Excellent communication, presentation, and interpersonal skills. Proficiency in using tools for creating digital training materials (e.g., e-learning platforms, video editing software). Familiarity with phishing simulation tools, wargaming tools (e.g., Defender, Conductrr etc.), and methodologies. Experience managing relationships with senior and executives. Familiarity with information security technologies, risk, threat, and vulnerability assessments, and security measures. Knowledge of information security, regulatory, and compliance requirements. Skills and Application Support in the development and implementation of a comprehensive information security awareness program in alignment with the Information Security Group strategy. Oversees awareness program and ensures key metrics are managed within the risk appetite level. Strategic Insight Cultivates an organizational culture inside that prioritizes and encourages proactive information security practices and continuous improvement across all departments. Integrate information security considerations into ISG strategies, recognizing the importance of information security in achieving ISG objectives and competitive advantage. Communicates the strategic value of Information Security and Data to executive leadership and key stakeholders, advocating for resources and support to strengthen the bank's capabilities. Key Competencies Creativity and ability to craft engaging, informative materials for diverse audiences. Analytical skills to assess training effectiveness and identify risks. Strong organizational and project management skills. A proactive mindset and enthusiasm for fostering a culture of cybersecurity awareness. Professional certifications: CISA, CISM, CISSP, CRISC, ISO27001 LA/LI etc.