[Hiring] Senior Manager-Data Protection.ISG - Information Security Program @Mashreq

Role Description

Primarily looking for individuals with strong expertise, min 12 + years of experience in DLP (Data Loss/Leak Prevention) and DSPM (Data Security Posture Management).

• To strategize, develop and implement Data Protection Controls in coordination with stakeholders across the Organization globally.
• To ensure compliance of the Organization with the defined policy & framework with a data-driven approach.
• To ensure that the protection operations are executed effectively in a timely manner and with required quality.
• Assists in the development and implementation of Data Protection strategic initiatives.
• Leads all Data protection related tasks with effective monitoring and protection of information security assets.
• Overall responsibility to coordinate and support the Head of Data Protection to achieve organization’s Protection strategy and goals.
• T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management.
• Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place.
• Drive various Data Protection Initiatives to improve overall maturity.

Requirements

• Establish the Incident Response framework for GSOC and consult with various business units and legal counsel on developing and improving data leakage protection processes.
• Maintain and update investigation handling expectations and service level expectations.
• Development and maintenance of DLP Policies, Standards, Procedures, and Guidelines.
• Ensure compliance with regulations required for DLP.
• Conduct regular audits and assessments to ensure compliance with data protection regulations and internal policies.
• Ensure metrics (Key Performance / Risk Indicators) for measuring the effectiveness of the DLP solution are in place.
• Identify stakeholders in IT, legal, and compliance teams to ensure secure data handling practices across the organization.
• Plan awareness material for sessions for the stakeholders.
• Ensure data discovery exercise across the bank using automated techniques and create data flow diagrams for relevant departments across the bank.
• Ensure maintenance of an accurate inventory of all data assets and management of the entire lifecycle of data, from creation to deletion.
• Develop and implement data masking and anonymization strategies and use of encryption protocol to encrypt data before transmission.
• Ensure keys are generated using strong random number generators to prevent predictability and implement key rotation policies to periodically change keys and secrets.
• Designing and implementing a secure architecture for data storage, processing, and transmission.
• Evaluating and recommending security tools and technologies.
• Implementing and maintaining security standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, PDPL, PDPO, PCI).
• Manage daily operations of database activity monitoring (DAM) systems, ensuring continuous monitoring and alerting.
• Regularly review system logs and performance metrics.
• Track KPIs to measure DAM effectiveness and conduct regular risk assessments of database systems and create mitigation strategies.
• Regularly review database logs and reports to identify and address potential security incidents.
• Implement preventative measures to address recurring issues.
• Ensure database security configurations adhere to best practices and organizational policies.
• Conduct regular security audits.
• Lead enterprise-wide initiatives for data encryption at rest, in transit, and in use.
• Drive the design and implementation of data anonymization and masking strategies to protect PII, PCI, and other sensitive data across non-production environments.
• Collaborate with cross-functional teams including Application Development, Infrastructure, Legal, and Compliance to define and enforce encryption and data protection standards.
• Oversee vendor evaluation and integration of encryption key management and tokenization solutions.
• Establish governance models and control frameworks for effective implementation and monitoring of data anonymization processes.
• Drive any other projects related to Data Protection such as Insider Risk Management, enhanced security controls in Backup & Restoration, Data retention & Deletion, Data Discovery & Scans using Privacy Management solution.
• Provide effective governance of the projects through well-defined KPIs/KRIs.
• Collaborate with other teams in ISG to ensure effective implementation of the projects.
• Collaborate with Data Privacy team in reviews and assessments to cover overall Data protection requirements.
• Support with Data Protection Maturity Assessment and its continuous improvement.

Qualifications

• Graduate/Post Graduate degree in Science/Engineering/IT.
• Minimum 2 Professional certifications: CIPPE / CIPM / CIPT / CDPSE, CISA, CISM, PCI-QSA, CISSP, SABSA etc.
• 12+ years working experience in a large financial institution/bank with minimum 4 years’ experience within a compliance, legal, audit and/or risk function.
• Recent experience in data protection projects/implementation.
• Familiarity with advanced Data Privacy and Protection technologies, risk, threat and vulnerability assessments, and security measures.
• Strong experience and knowledge across the Data Privacy and Protection domains including governance, policy procedures, compliance management, risk management and Data Breach response.
• Comprehensive knowledge of Data Privacy and Protection regulatory and compliance requirements across various industries.

Company Description

The leading financial institution in MENA. While more than half a century old, we proudly think like a challenger, startup, and innovator in banking and finance, powered by a diverse and dynamic team who put customers first.

• Together, we pioneer key innovations and developments in banking and financial services.
• Our mandate? To help customers find their way to Rise Every Day, partnering with them through the highs and lows to help them reach their goals and unlock their unique vision of success.
• Delivering superior service to clients by leading with innovation, treating colleagues with dignity and fairness while pursuing opportunities that grow shareholders value.
• We actively contribute to the community through responsible banking in our mission to inspire more people to Rise.