Qureos

Senior Manager Information Security

Job Purpose:

The Governance, Risk & Compliance Manager is responsible for establishing, managing, and continuously improving the organization's information security governance, risk management, and compliance framework. The role ensures alignment with regulatory requirements, industry standards, and business objectives, while providing strategic oversight, leadership, and assurance to senior management.

Responsibilities:

  • Support the execution of internal and external information security audits in collaboration with the Team Lead.
  • Interpret and implement regulatory requirements and liaise with internal teams to ensure compliance.
  • Facilitate coordination between business and technical teams to conduct comprehensive security reviews.
  • Work with stakeholders to recommend and track risk mitigation measures, ensuring timely closure of identified gaps and observations.
  • Maintain and oversee the information security risk register.
  • Define and maintain the risk management framework, including the risk assessment methodology and alignment with risk appetite.
  • Coordinate with IT and security teams on mitigation strategies.
  • Assist the Team Lead in preparing reports and presentations for management reporting and for the ITSC/BITC.
  • Lead and support the development, implementation, and continuous improvement of information security policies, procedures, and governance frameworks to ensure alignment with industry standards and regulatory requirements.
  • Define and monitor KPIs and KRIs to measure the effectiveness of security controls and the organization's risk posture.
  • Ensure organizational policies, processes, and operations achieve full compliance with SBP regulatory requirements, while maintaining alignment with cross-border regulations.
  • Oversee cyber security and information security (NESA compliance) programs.
  • Lead risk assessments and ensure vendors comply with security requirements.
  • Assist in identifying technical gaps and weaknesses in the BAFL environment through gap assessment exercises.
  • Lead and manage the IS GRC team in the absence of the Team Lead.
  • Manage the risk acceptance process and ensure proper approval from management.
  • Conduct cybersecurity awareness sessions bi-annually for employees to enhance their knowledge of security best practices, helping them recognize and prevent social engineering threats such as phishing, and promoting safer digital behavior.
  • Coordinate and manage regulatory inspections and ensure timely closure of observations.

© 2026 Qureos. All rights reserved.