promoting a culture of security awareness and compliance within their respective areas. 

ensuring the security of business operations, information assets, and technology infrastructure at strategic and operational levels.  

Serve as advocates for security within < Business Name>, promoting the importance of adhering to security policies, procedures, and best practices.  

Be a strategic leader developing information security strategies aligned with business goals. 

Advocate and gain support from key stakeholders across < Business Name> to integrate security as a business enabler.  

Serve as a liaison between < Business Name> and the Information Security team globally and regionally, providing feedback, insights, and concerns from their colleagues to inform security decision-making and initiatives. 

Act as a trusted advisor to the < Business Name> leadership, providing guidance on information security risks and mitigation strategies. 

Communicate security risks and solutions effectively to non-technical audiences. 

Partner with < Business Name> unit leaders to embed security awareness into the overall business culture. 

Help educate < Business Name> colleagues about security risks, threats, and best practices through training sessions, workshops, and regular communications. 

Collaborate with the Information Security team to develop and implement security awareness campaigns tailored to the specific needs and challenges of < Business Name>. 

Ensure that < Business Name> activities and processes comply with the organization's information security policies, standards, and guidelines, as well as regulatory requirements across all location where Mashreq is present and industry specific requirements such as PCI-DSS or SWIFT CSP. 

Identify and report security risks, vulnerabilities, incidents, and concerns to the appropriate channels, such as the Information Security team or < Business Name> management. 

Coordinate with the Information Security team during security incidents impacting < Business Name> to provide relevant information, support, and assistance as needed. 

Assist in incident response efforts within < Business Name>, such as facilitating communication with the Information Security team, documenting incidents, and implementing remediation measures. 

Assist in the implementation and maintenance of security controls and measures within < Business Name>, such as access controls, encryption, and monitoring tools. 

Oversee the application of security measures to ensure comprehensive protection of software and IT infrastructure 

Actively support the development of a role-based access control model for < Business Name> with the bank’s IAM teams  

Help to manage user access and permissions within < Business Name>, ensuring that access rights are granted appropriately and revoked when no longer needed. 

Assist in evaluating the security posture of vendors and third-party service providers that interact with < Business Name> and ensure that appropriate security measures are in place. 

Actively participate in security improvement initiatives and providing feedback to enhance security processes, controls, and awareness efforts across < Business Name>. 

Operating environment: All the locations where < Business Name> is operational 

Frameworks: Information security policy manual, regulations, industry best practices and contractual requirements.  

Working Relationship: All Business, Governance, Enabling and Control groups.  

Ability to enable framework, solution, and processes for proactive management of information security risks  

Ability to understand regulatory language, can take decision on applicability, compensating controls and residual risk.  

Ability to derive residual risk and control based on defense – in depth strategy and systemic risk while taking risk and control decisions.  

Consult and validate recommendations to mitigate information security risks to < Business Name>. 

Consult and provide recommendations to mitigate the risk to a level aligned with the risk appetite of the bank and < Business Name>.     

Assure compliance to regulatory expectations and avoid regulatory penalty. 

Confirm adequacy of the controls against internal information security policy, standards and applicable regulatory requirements. 

Have around 8-10 years of experience in a Banking or highly regulated industry environment, including familiarity with <Business Name>, and over 5-10 years of experience in information security or technology risk management.  

Extensive knowledge of the Software Development Life Cycle (SDLC), with a focus on integrating security at each phase, from design, development, testing, and deployment. 

Strong understanding of Computer Science principles and practical expertise in application security 

Strong understanding of Computer Science principles and practical expertise in application security, secure coding practices (e.g., OWASP Top 10, DevSecOps. etc.) 

Strong understanding of securing software-defined networks (SDN), software-defined infrastructure (SDI), containerized environments, cloud computing and operating system security. 

Executive presence, and the ability to foster relationship management, negotiate and influence.  

Effective communications skills, including both written and verbal communication skills, and the ability to translate security principles into business terms. Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.  

Knowledge of information security regulatory and compliance requirements.  

Leads the development and implementation of comprehensive information security strategies that address identified risks and compliance requirements inside < Business Name>, in alignment with the Information Security Group. 

Oversees < Business Name> incident response plan, ensuring it is regularly updated and tested to respond effectively to incidents. 

Integrate information security considerations into < Business Name> strategies, recognizing the importance of information security in achieving < Business Name> objectives and competitive advantage. 

Communicates the strategic value of Data Privacy and Protection investments to executive leadership and key stakeholders, advocating for resources and support to strengthen the organization's capabilities. Cultivates an organizational culture inside < Business Name> that prioritizes and encourages proactive information security practices and continuous improvement across all departments.