Job Title : Senior Manager - Information Security Risk.
Location : REMOTE.
Department : Information Security Governance (ISG).
Reporting To : Head - IS GRC.
Role Overview :
- The Senior Manager - Information Security Risk is responsible for developing, executing, and managing the bank's Information Security Risk Management (ISRM) program.
- The role plays a pivotal part in safeguarding Mashreq Bank's critical assets by identifying, assessing, and mitigating internal and third-party security risks.
- This position ensures resilience through a robust and forward-looking security risk framework aligned with regulatory expectations and the bank's strategic objectives.
Key Responsibilities:
Information Security Risk Management:
- Refine and implement a comprehensive Information Security risk lifecycle aligned with ERM and ORM frameworks.
- Act as a trusted advisor to business stakeholders for risk-based decision-making.
- Maintain and govern the ISG Risk platform, ensuring accurate risk assessment, exception management, tracking, and reporting.
Third-Party Risk Management (TPRM):
- Design and maintain a best-in-class TPRM program to assess, monitor, and manage supplier risks.
- Conduct due diligence, risk assessments, and ongoing monitoring for third parties to ensure compliance with contractual and regulatory requirements.
- Align third-party risk practices with standards such as ISO 27001, NIST, and PCI-DSS.
Cyber Risk Governance:
- Oversee cyber risk identification, assessment, and mitigation processes.
- Maintain a centralized cyber risk register and produce regular risk reports for senior management.
- Drive initiatives that improve cyber risk visibility and response effectiveness.
RCSA & Compliance:
- Enable and monitor the Information Security RCSA process to proactively manage control effectiveness.
- Ensure all security exceptions and regulatory findings are properly tracked, remediated, and closed within defined timelines.
IS Risk Platform Ownership:
- Act as business owner of the ISG Risk solution.
- Integrate risk systems to automate risk identification, assessment, and reporting across locations and business units.
- Support internal and regulatory audits by providing relevant data and insights through the risk platform.
Strategic Contribution & Performance Metrics:
- Contribute to the bank's cybersecurity strategy by embedding risk-driven decision-making into the enterprise culture.
- Drive measurable reduction in internal and third-party information security risks.
- Foster operational resilience and enhance security posture across the bank.
- Regularly present IS risk metrics, insights, and roadmap progress to the Head of IS GRC and senior leadership.
Key Working Relationships:
- Internal Stakeholders: Technology, Business Units (LOD-1), Tech GRC, Group Compliance, Fraud Prevention, Operational Risk, and Internal Audit.
- External Stakeholders: Regulators, Supervisory Authorities, Third-Party Vendors, and External Auditors.
Decision Making & Accountability:
- Recommend and validate risk mitigation strategies aligned with the bank's risk appetite.
- Drive ownership and accountability across business units for managing IS risks.
- Ensure compliance with all legal, regulatory, and internal information security requirements.
Required Knowledge, Skills, and Experience:
Experience:
- 11-14 years of experience in Information Security, with expertise in risk management, cyber governance, and TPRM.