Advansys is a dynamic solutions provider focused on delivering smart, modular, and sustainable technology solutions that enhance operations, improve customer experiences, and drive business modernization. With over 400 skilled engineers, we serve 100+ enterprise customers across 14 countries. We specialize in a wide array of premium services, including Business Automation, Industrial Digitization, Low-code Development, Cloud Services, Warehouse Automation & Strategic Outsourcing.
Founded in 2014, Advansys is part of the INTRO Group, a private conglomerate established in 1980 with diverse investments across different business areas: oil and gas, real estate, specialized engineering, financial investment, and food & manufacturing.
Job Purpose:
The role is pivotal in ensuring robust governance, risk management, and compliance within the Information Security Group (ISG). Key responsibilities include managing policy exceptions, automating Governance, Risk, and Compliance (GRC) functions, conducting Risk Control Self-Assessments (RCSA), and overseeing ISG service portfolio management. These activities collectively support the ISG's strategic objectives and contribute to maintaining a secure and compliant operational environment.
Enable the required processes and solutions to effectively and efficiently manage information security and regulatory compliance for international operations.
Track compliance with IS Compliance standards and regulatory expectations on IS frameworks for international operations. Liaise with ISG unit heads and IBG SPOCs to ensure the security services for IBG are delivered as per local compliance requirements.
In regulatory compliance management, the role focuses on developing and maintaining processes for handling exceptions, ensuring compliance, and conducting regular reviews. Compliance function automation aims to streamline compliance activities, reduce manual efforts, and provide real-time insights into risks and compliance statuses, enhancing operational efficiency.
By monitoring performance, driving improvements, and fostering a culture of continuous improvement and security awareness, the role enhances ISG's overall efficiency and effectiveness, ensuring the organization's resilience in the face of emerging security challenges.
Job Description:
Governance, Risk, Compliance:
- Ensure compliance with policies, regulatory requirements, and industry standards.
- Identify, assess, and manage information security risks.
- Ensure adherence to internal and external compliance requirements.
IS Regulatory Compliance Management:
- Oversee the organization's regulatory compliance with respect to information security.
- Ensure that all regulatory requirements are identified, documented, and complied with.
- Oversee and assure compliance with Cyber Security Frameworks of various Central Banks including HO and International operations.
- Develop and maintain a register of all information security regulatory obligations. Ensure that the register is regularly updated and reviewed.
- Conduct monitoring and internal compliance reviews to ensure IS control compliance.
- Maintain and track all security compliance requirements for the IBG countries.
- Manage the IS regulatory calendar and ensure that all regulatory tasks are completed on time.
- Identify frequency-based regulatory requirements related to ISG from HO and International regions; develop and release an annual regulatory activity calendar on the GRC solution for effective tracking and governance.
- Govern all regulatory submissions related to information security / cyber security across the regions with supporting data required from ISG.
- Govern regulatory mandated information security / cyber security regulations and standards across the regions including cyber security frameworks in India, Kuwait, Egypt, NESA, SWIFT-CSP, PCI-DSS, DFS500, FFIEC, and HKMA-CFI etc.
- Govern the IS Regulatory Watch Forum and provide regular reports on its activities and awareness to senior members of the bank on potential regulatory risk.
- Review policies and procedures and confirm they meet regulatory requirements.
- Ensure local security policy covers all local regulatory requirements related to IS compliance.
- Translate the requirements into actions by different parties to be implemented to ensure IS compliance.
- Develop processes and mechanisms to report compliance posture for IBG countries.
- Ensure compliance with regulatory mandates related to national/regional security frameworks for IBG.
- Enable IS compliance governance for IBG, covering status tracking and reporting of ISG-related activities.
- Track internal and external audit issues related to IS compliance for IBG locations.
- Develop compliance reports and dashboards for management review.
- Monitor the performance of IS Compliance services to ensure they meet established service level agreements (SLAs) and key performance indicators (KPIs).
- Update and maintain the IS Compliance process, framework, and SOPs.
- Manage IS regulatory findings on the GRC solution.
- Ensure Compliance Management in RSA Archer.
IS Compliance Automation:
- Be the owner of the bank's GRC platform for ISG and oversee the management of the bank's IS GRC solution.
- Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability.
- Enable a centralized knowledge base and GRC solution to automate Information Security activities and governance processes, with centralized compliance dashboards related to overall risk posture for specific locations and business units.
- Cyber Security Continuous Compliance Automation and Continuous Control Monitoring for enhancement in monitoring and reporting.
- Automate the GRC functions and reduce manual efforts to provide near-real-time insights into risks by performing quantitative and qualitative assessments.
- Support local CISOs / IS SPOCs in regulatory audit discussions and with data required from ISG, and enable the local CISOs with RSA Archer access to onboard the open issues for centralized tracking and governance.
- Ensure that the solution is effectively used to support the organization's information security compliance activities.
Physical Security Assessment:
- Perform physical security assessments and spot checks in all Mashreq offices, branches & Data Centers in UAE.
- Ensure that all gaps are identified and confirm that all are remediated on time.
Risk Control Self-Assessments:
- Ensure and maintain regular risk control self-assessments for Compliance and other IBG locations to identify and evaluate potential risks.
- Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations.
- Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures.
Requirements:
- Should have over 8-12 years of rich experience in the information security domain and at least 2-3 years of dedicated experience in Risk and Compliance.
- Master's degree in IT/Information Security.
- Professional certifications: CISA, CISM, CISSP, CRISC, ISO27001 LA/LI etc. Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.
- Experience with governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, GDPR, PDPL).
- Experience of working in the banking domain or with banking/payment industry clients.
If you are eager to grow and work on cutting-edge projects, we would love to hear from you!