To lead the Governance, Risk, and Compliance (GRC) vertical within Information Security by establishing and maintaining a robust information security governance framework. The role exists to ensure regulatory compliance, effective risk management, and continuous adherence to ISO 27001 and internal information security standards across the Bank.
Strategy and Planning
- Define and execute the Information Security GRC strategy aligned with enterprise risk management and regulatory expectations.
- Oversee the Bank-wide information security risk assessment framework, ensuring identification, measurement, and mitigation of information security risks.
- Provide strategic inputs to senior management on information security posture, key risks, and remediation priorities.
Policies, Processes & Procedures
- Manage Bank-wide information security risk assessments, including risk assessments for applications, platforms, and banking solutions.
- Oversee third-party information security risk assessments for vendors, partners, and service providers.
- Review and maintain data flow diagrams with business units and ensure adherence to data leakage prevention policies.
- Coordinate with internal stakeholders for timely closure of information security issues, audit observations, and regulatory findings.
- Support definition of security requirements for new platforms, applications, and digital initiatives.
- Provide governance oversight on data security, network security, and application security risks.
People Management
- Lead and mentor the Information Security GRC team, ensuring strong governance capability and technical understanding.
- Build a culture of accountability, risk awareness, and compliance across the team.
Education
Bachelor's degree in engineering (Electronics, IT, Computer Science, or related discipline)
At least one of the following certifications is required: ISO 27001 LA / Implementer, CISA, CISM, or CISSP.
Experience
12+ years of experience in Information Security, GRC, or Technology Risk roles, preferably within banking or financial services
Hands-on experience in ISO 27001 implementation, maintenance, and audits