Manager - Information Security & Data Privacy

Zand, Dubai

Job Description

Role Summary:

Lead the organization's Information Security and Data Privacy strategy, ensuring effective management of risks, regulatory compliance, and the protection of technology systems and data assets. This role involves defining security policies, implementing technical controls, and establishing robust frameworks adhering to standards such as UAE IA, PCI DSS, ISO 27001, GDPR, and other relevant regulations.

Act as a liaison between internal teams, vendors, and regulatory authorities, while addressing risks across technology, privacy, business continuity, and data integrity to safeguard operations.

Key Responsibilities:

  • Develop and execute information security and data privacy programs in collaboration with senior leadership.
  • Evaluate organizational risk posture and provide insights for mitigating threats and vulnerabilities.
  • Implement regulatory standards, ensuring regular self-assessments and compliance monitoring.
  • Guide stakeholders to understand and respond to security and privacy requirements within their areas.
  • Manage vendor relationships to ensure secure data storage, handling, and contract compliance.
  • Lead initiatives like data classification, data loss prevention, and third-party risk assessments.
  • Create comprehensive training programs for employees and executives on regulatory compliance and best practices.
  • Build all Information Security and Data Privacy regulatory compliance requirements (i.e., NESA, PCI-DSS, SWIFT, Data Protection, GDPR, CCPA, etc.) associated with the laws and regulations within all relevant jurisdictions.
  • Conduct audits, compliance testing, gap analysis, and remediation tracking of risk findings.
  • Support cybersecurity incident response, breach investigations, and governance tool deployment.
  • Maintain a knowledge base of security laws, regulations, and emerging trends to strengthen the organization's maturity.
  • Monitor and ensure adherence to vendor security and privacy compliance within contracted service-level agreements.
  • Define quality metrics, KPIs, and standards to continually assess compliance and program success.
  • Collaborate with cross-functional teams for enterprise architecture review and long-term security planning.
  • Contribute as a key member of CIRT (CyberSecurity Incident Response Team) responsible for handling incidents involving any sort of data breach.

Key Skills, Experience & Qualifications:

  • Over 10 years of experience in information security, data privacy, or a related field, preferably within banking or financial services, including leadership experience.
  • Bachelor's or master's degree in a relevant field (e.g. Computer Science, Information Systems, Cybersecurity).
  • Certified in Information Security, Risk management and IT Governance (i.e., CISA, CISM, CISSP, COBIT, CRISC, etc.)
  • Certified Privacy Management Professional, certified as a lead Privacy Implementor or Auditor.
  • Expertise in developing and maintaining security and privacy policies, procedures, and standards.
  • Familiarity with frameworks such as NIST, ISO 27001/27701, UAE IA Standards (NESA), PCI-DSS, SWIFT CSP, COBIT, GDPR, and ISO 22301 (Business Continuity).
  • Strong project management skills, including planning, budgeting, and resource allocation.
  • Proficiency in conducting risk assessments, impact analysis, vulnerability assessments, and defining risk treatment strategies.
  • Knowledge of security planning, including strategic, tactical, and project-specific plans.
  • Experience in cloud computing security principles and practices.
  • Ability to effectively supervise and collaborate with business managers, technology teams, and engineering staff.
  • Excellent communication skills to engage with technical teams, management, and business personnel.
  • Analytical expertise to connect security requirements with appropriate controls.
  • Proven ability to train and educate staff in Information Security and Data Privacy awareness.
  • In-depth knowledge of enterprise risk management frameworks and processes.
  • Blockchain and/or Web3 security certification is advantageous.