Qureos

Information Security Risk & Reporting Manager

The Information Security Risk Management & Reporting Manager supports the development and execution of the bank’s information security risk management strategy. The role ensures cyber and information security risks are effectively identified, assessed, monitored, and reported in alignment with enterprise risk frameworks and business objectives. The position also drives automation and optimization of security risk processes through Governance, Risk, and Compliance (GRC) platforms, enabling centralized risk visibility, streamlined reporting, and stronger governance across the organization.


Responsibilities

  • Define and manage the information security risk lifecycle in alignment with Enterprise Risk Management (ERM) and Operational Risk Management (ORM) frameworks.
  • Support business and technology teams in risk-based decision making related to cyber and information security.
  • Develop and implement risk appetite and risk management frameworks in collaboration with ERM and ORM teams.
  • Ensure information security exceptions are documented, assessed, approved by risk owners, and tracked until closure.
  • Identify, assess, and monitor cyber risks, ensuring effective documentation, reporting, and remediation tracking.
  • Conduct cyber risk quantification to evaluate potential business impact using qualitative or quantitative methods.
  • Develop and maintain a centralized cyber risk register to track risk status, remediation progress, and emerging threats.
  • Promote adoption of cybersecurity best practices across teams and business units.
  • Act as the business owner of the Information Security GRC platform, ensuring its effective use for governance, risk, and compliance activities.
  • Enable automation of information security processes through GRC solutions, including dashboards, risk registers, and reporting capabilities.
  • Manage relationships with GRC solution vendors, including requirements, licensing, contracts, and renewals.
  • Ensure GRC tools are configured and integrated to meet the organization’s risk, compliance, and audit requirements.
  • Monitor GRC platform performance, resolve issues, and ensure continuous system availability and usability.
  • Develop training and guidance to support GRC platform adoption across the organization.
  • Support CISOs and information security teams in regulatory audits, assessments, and reporting.
  • Manage GRC Run-the-Bank and Change-the-Bank initiatives, ensuring timely delivery and proactive risk escalation.


Requirements

  • 10+ years of experience in Information Security or Cyber Security, including 2–3 years managing GRC platforms or similar governance roles.
  • Strong experience in information security governance, risk management, compliance, and cyber risk frameworks.
  • Hands-on experience with GRC platforms such as RSA Archer, MetricStream, or similar solutions.
  • Strong understanding of banking security frameworks and standards such as ISO 27001, NIST 800 series, PCI-DSS, SWIFT CSP, and COBIT.
  • Experience in risk assessments, cyber risk quantification, and risk reporting in enterprise environments.
  • Ability to interpret regulatory requirements and translate them into security controls and risk mitigation strategies.
  • Strong analytical, stakeholder management, and communication skills, with experience working with senior leadership.
  • Experience managing enterprise security initiatives and cross-functional projects.
  • Master’s degree in Information Technology, Information Security, or a related field.
  • Professional certifications such as CISA, CISM, CISSP, CRISC, or ISO 27001 LA/LI preferred.

© 2026 Qureos. All rights reserved.