Job Purpose:
This role in the Information Security and Data Privacy team supports Governance, Risk, and Compliance (GRC) activities. Key responsibilities include identifying and reporting security risks, assisting with compliance, contributing to security policy development, and collaborating with Technology to implement controls. The role helps maintain compliance with relevant standards and coordinates with other teams on application security and vendor risk management.
Key Responsibilities:
- Contribute to the development and execution of the Bank’s information security program, including internal risk assessments, compliance plans, and security initiatives.
- Support analysis and reporting of the Bank’s risk posture, providing insights on security risks and threats to stakeholders.
- Assist in implementing and maintaining regulatory security standards and frameworks; coordinate regular compliance reviews, audits, and documentation.
- Collaborate with Technology, Business, and external vendors to ensure effective deployment of security controls and management of security requirements.
- Participate in risk assessments, threat modeling, and monitoring activities across systems, applications, and third-party providers.
- Provide input on security requirements during technology projects and application development.
- Assist with remediation of audit findings, tracking progress on action items, and supporting closure of compliance gaps.
- Facilitate security awareness training, ensure supporting policies are up to date, and help drive a culture of compliance across the Bank.
Key Skills, Qualifications & Experience:
- Bachelor’s degree in computer science, information systems, or equivalent; MBA or MS in information security is a must.
- Certified in CISA, CISM, CISSP, CRISC, or COBIT 5 (mandatory)
- Blockchain/Web3 security certification (preferred)
- Minimum 8 years of professional experience, with at least 5 years in information security
- Experience developing and maintaining security policies, procedures, standards, and guidelines
- Familiarity with frameworks: NIST, ISO 27001, NESA, PCI-DSS, SWIFT CSP, ISO 22301, COBIT