
Information Security – Cyber Organization Alignment & Compliance

📍 India

Business TriOptus

Job Description

Job Title: Information Security – Cyber Organization Alignment & Compliance
Department: Information Security / Cyber Security
Location: REMOTE
Duration: 6 Months
Reporting To: Head of Information Security / Cyber Security Governance

Job Purpose

The Information Security Cyber Organization Alignment & Compliance role is responsible for aligning information security practices with the bank’s enterprise risk management strategy, governance framework, and regulatory compliance obligations. This role drives Information Security Governance, Risk, and Compliance (GRC) initiatives to strengthen the bank’s security posture while ensuring alignment with regulatory expectations and business objectives. The position ensures effective governance through risk tracking, compliance monitoring, Risk Control Self-Assessments (RCSA), exception evaluation, and accurate reporting, while continuously improving risk management processes.

Key Result Areas

1. Governance, Risk & Compliance

Ensure compliance with internal policies, regulatory requirements, and industry standards.
Identify, assess, and manage information security risks in collaboration with business units.
Monitor adherence to internal and external compliance obligations.
Perform risk trend analysis and produce executive reports.

2. Policy Exception Management

Develop and maintain a comprehensive policy exception management process, including documentation, approvals, and expiry tracking.
Ensure exceptions are documented, reviewed, and approved per organizational standards.
Conduct risk assessments for policy exceptions and evaluate compliance/security impact.
Define compensating controls and ensure timely closure of exceptions.
Monitor and periodically review approved exceptions to identify gaps and improvements.

3. Risk Control Self-Assessments (RCSA)

Coordinate periodic RCSAs across business units to identify and evaluate risks.
Analyze results and prepare reports with actionable recommendations.
Follow up on mitigation actions to verify effectiveness of implemented controls.

4. Offshoring Reporting & Risk Oversight

Maintain accurate reporting of offshoring activities.
Ensure compliance with regulatory reporting requirements.
Establish streamlined reporting mechanisms for internal and external stakeholders.
Assess risks associated with offshore arrangements and ensure appropriate controls.

5. ISG Service Portfolio Management

Develop and maintain an Information Security service catalog aligned with business needs.
Monitor service performance against SLAs and KPIs.
Ensure services evolve with technology advancements and business priorities.

6. Compliance Management

Oversee implementation and management of information security compliance.
Identify regulatory obligations and ensure appropriate compliance actions.
Track compliance incidents and exceptions through GRC systems and ensure resolution.

Operating Environment & Working Relationships

Environment: All operational locations of the bank.
Frameworks: Information security policies, regulatory requirements, industry standards, and contractual obligations.
Stakeholders: Business units, governance teams, risk & compliance, audit, technology teams, and control functions.

Problem Solving

Enable frameworks and processes for proactive risk management.
Interpret regulatory requirements and determine applicability and compensating controls.
Assess residual risks using defense-in-depth and systemic risk considerations.

Decision-Making Authority & Responsibilities

Provide recommendations to mitigate information security risks aligned with risk appetite.
Validate adequacy of controls against policies and regulatory requirements.
Ensure compliance with regulatory expectations and prevent penalties.
Confirm effectiveness of security controls and risk mitigation measures.

Knowledge, Skills & Experience

Essential Knowledge

10+ years of experience in a banking environment.
Minimum 3+ years in information security or cyber risk management.
Knowledge of risk assessment, threat & vulnerability management, and security controls.
Experience with GRC frameworks (ISO 27001, NIST, GDPR, PDPL).
Professional certifications preferred: CISA, CISM, CISSP, CRISC.

Skills & Competencies

Strong communication and stakeholder management skills.
Ability to manage multiple priorities and projects.
Proficiency in security governance tools and technologies.
Strong analytical and reporting capabilities.

Strategic Insight

Promote a culture of security awareness and compliance.
Continuously enhance the organization’s security posture.
Ensure effective identification, management, and mitigation of information security risks.

Ready to Apply?

Don't miss this opportunity! Apply now and join our team.

Job Details

Posted Date: February 28, 2026
Job Type: Business
Location: India
Company: TriOptus
