Job Title


Chief Information Security Officer


Company : Mashreq


Location : Mumbai, Maharashtra


Created : 2025-05-25


Job Type : Full Time


Job Description

To lead and manage the Information Security Management program across Mashreq India, ensuring adherence to head office standards and local regulatory requirements, covering the following strategic and operational responsibilities:

Strategic Responsibilities: Provide strategic oversight for Mashreq India regarding compliance related to Information Security, Cyber Security, Data Privacy, and other industry and regulatory requirements. Additionally, ensure that the organization's security practices are continuously aligned with evolving global standards and best practices.

Operational Responsibilities and Hands-on Activities: Oversee Mashreq India's technical and non-technical projects, systems, and activities with respect to Information and Cyber Security. Furthermore, actively engage with the head office team and in hands-on activities to implement and maintain robust security measures across all organizational levels.

Reports directly to the Head of Information Security in Head Office, with dotted-line reporting to the top executive overseeing the risk management function in India.

Key Result Areas

Strategic Responsibilities

- Provide strategic oversight for Mashreq India regarding compliance related to Information Security, Cyber Security, Data Privacy, and other industry and regulatory requirements.
- Align security practices/procedures to the head office defined framework and well-known information security standards/guidelines such as ISO 27001, PCI DSS, NIST, etc.
- Partner with the head office information security team and other business units such as technology, operations, legal, compliance, human resource, internal audit, and local executive management in the development, implementation and progress reporting on information security measures.
- Establish security KPIs, KRIs, metrics, and periodic reporting processes to measure and communicate the effectiveness of the security program to local MANCO.
- Advise the executive management committee on risk management matters and exposure to cyber threats and concerns.
- Assist management on Information Security Strategy, security budgeting, projects, etc.
- Engage team members through coaching, training, and awareness programs to ensure risk methodologies are communicated across the enterprise.

Operational Responsibilities and Hands-on Activities

- Oversee Mashreq India's technical and non-technical projects, systems, and activities impacting Information and Cyber Security.
- Develop and maintain documentation and govern implementation of security policies, procedures, and standards for the organization.
- Work with various business and technology units, within the India and global teams, to implement and operate information security and data privacy controls and compliance reviews.
- Review and provide approvals for technology requests and changes such as architecture vetting and RFC or access control, etc.
- Liaise and act as POC for Information and Cyber security matters with local regulatory bodies.
- Review the security architecture and recommend cost-effective changes to the existing structure.
- Manage incident response and reporting of breaches of IT/IS Security in the organization and drive for appropriate changes.
- Initiate, facilitate, and foster activities to create information security awareness within the organization.
- Steer the design and implementation of security solutions addressing information security control gaps and risk reduction.
- Keep abreast of security incidents and act as the primary control point during significant information security incidents.
- Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
- Work closely with the technology team to assure information security and data privacy requirements are articulated and adopted for any new service or change in the existing tech stack.
- Assist/enable business teams to comply with the regulatory requirements on Information Security and data privacy as part of the global framework from head office, RBI, UAE Central Bank as applicable.
- Manage governance for outsourced service providers based on the head office framework.
- Assure all regulatory requirements related to information security are identified, acted on, and updates are shared with regulators within the stipulated time and expected channel and format.
- Become the SPOC and lead the implementation of global information security measures for the branch as per the local security threat landscape and regulatory guidelines.

Knowledge, Skills and Experience

- Experience range: 10-14 years.
- A sufficiently senior-level official who will have management experience to coordinate direct and indirect reports on project and issue-based tasks.
- Strong decision-making and prioritization skills.
- Strong experience and knowledge in all the Information and Cyber Security domains, including governance, policy procedures, security incident response, security management, etc.
- Sound knowledge of the IT environment including infrastructure, systems, database, process, etc.
- Knowledge of the Banking environment and international compliance including PCI DSS, SWIFT CSP, GDPR, etc.
- Professional security certifications such as CISSP, CISA, CISM, CEH, SANS, PCI-QSA, CIPP/E, CIPM, etc. desirable.
- Strong interpersonal, analytical, and technical skills.