Job Title: Senior Manager – Information Security Risk
Location: REMOTE
Department: Information Security Governance (ISG)
Reporting To: Head – IS GRC

Role Overview:
The Senior Manager – Information Security Risk is responsible for developing, executing, and managing the bank’s Information Security Risk Management (ISRM) program. The role plays a pivotal part in safeguarding Mashreq Bank’s critical assets by identifying, assessing, and mitigating internal and third-party security risks. This position ensures resilience through a robust and forward-looking security risk framework aligned with regulatory expectations and the bank’s strategic objectives.

Key Responsibilities:

Information Security Risk Management
- Refine and implement a comprehensive Information Security risk lifecycle aligned with ERM and ORM frameworks.
- Act as a trusted advisor to business stakeholders for risk-based decision-making.
- Maintain and govern the ISG Risk platform, ensuring accurate risk assessment, exception management, tracking, and reporting.

Third-Party Risk Management (TPRM)
- Design and maintain a best-in-class TPRM program to assess, monitor, and manage supplier risks.
- Conduct due diligence, risk assessments, and ongoing monitoring for third parties to ensure compliance with contractual and regulatory requirements.
- Align third-party risk practices with standards such as ISO 27001, NIST, and PCI-DSS.

Cyber Risk Governance
- Oversee cyber risk identification, assessment, and mitigation processes.
- Maintain a centralized cyber risk register and produce regular risk reports for senior management.
- Drive initiatives that improve cyber risk visibility and response effectiveness.

RCSA & Compliance
- Enable and monitor the Information Security RCSA process to proactively manage control effectiveness.
- Ensure all security exceptions and regulatory findings are properly tracked, remediated, and closed within defined timelines.

IS Risk Platform Ownership
- Act as business owner of the ISG Risk solution.
- Integrate risk systems to automate risk identification, assessment, and reporting across locations and business units.
- Support internal and regulatory audits by providing relevant data and insights through the risk platform.

Strategic Contribution & Performance Metrics:
- Contribute to the bank’s cybersecurity strategy by embedding risk-driven decision-making into the enterprise culture.
- Drive measurable reduction in internal and third-party information security risks.
- Foster operational resilience and enhance security posture across the bank.
- Regularly present IS risk metrics, insights, and roadmap progress to the Head of IS GRC and senior leadership.

Key Working Relationships:
- Internal Stakeholders: Technology, Business Units (LOD-1), Tech GRC, Group Compliance, Fraud Prevention, Operational Risk, and Internal Audit.
- External Stakeholders: Regulators, Supervisory Authorities, Third-Party Vendors, and External Auditors.

Decision Making & Accountability:
- Recommend and validate risk mitigation strategies aligned with the bank’s risk appetite.
- Drive ownership and accountability across business units for managing IS risks.
- Ensure compliance with all legal, regulatory, and internal information security requirements.

Required Knowledge, Skills, and Experience:

Experience:
- 11–14 years of experience in Information Security, with expertise in risk management, cyber governance, and TPRM.
- Minimum 4 years of experience managing complex, multi-stakeholder projects in banking or financial domains.
- Experience in banking, fintech, or payment processing environments is highly preferred.

Skills & Competencies:
- Strong expertise in IS risk assessments, controls evaluation, and cyber risk frameworks.
- Excellent stakeholder management, communication (verbal & written), and analytical skills.
- Proficient in regulatory interpretation, control mapping, and gap analysis.
- Deep understanding of international frameworks: ISO 27001, NIST, PCI-DSS, and relevant regional banking regulations.

Certifications (at least one required):
- CISM, CISA, CISSP, CRISC, or equivalent.

Key Attributes:
- Strategic thinker with strong execution capabilities.
- Risk-oriented mindset with the ability to balance business agility and compliance.
- Proactive leader who drives innovation and process automation for efficiency and resilience.
- Committed to fostering a strong security culture and continuous improvement.