Lead Security Engineer (10-15 yrs)
Smartwork IT Services
posted 3+ weeks ago
Key skills for the job
Lead, Information Security Governance, Risk & Compliance
Location : Remote
Experience : 10 -15 Years
Job Summary :
As the Lead, Information Security Governance, Risk & Compliance (GRC), you will be instrumental in driving the strategic alignment of information security practices with the bank's overarching risk management strategy, compliance requirements, and robust governance frameworks. This pivotal role focuses on leading and executing comprehensive Information Security GRC initiatives to significantly strengthen the bank's security posture, ensuring continuous alignment with evolving regulatory mandates and critical business objectives.
You will achieve this through the establishment and refinement of effective processes, including meticulous risk tracking, vigilant compliance monitoring, robust Risk Control Self-Assessment (RCSA), thorough evaluation of exceptions, and the delivery of accurate and insightful reporting. You will ensure the right level of governance is consistently in place and champion continuous improvement in risk management processes, leveraging automation to streamline operations and enhance risk visibility across the Information Security Group through the strategic management of GRC solutions.
Key Responsibilities :
- Lead the development, implementation, and continuous improvement of the Information Security GRC framework, policies, standards, and procedures to ensure alignment with organizational strategy and regulatory requirements.
- Drive and manage information security risk assessments, including RCSA, identifying, evaluating, and prioritizing risks, and overseeing the development and tracking of effective mitigation strategies.
- Oversee and conduct ongoing compliance monitoring activities to ensure adherence to internal policies, industry regulations (e.g., ISO 27001, NIST, GDPR, PDPL), and legal obligations, particularly within the banking sector.
- Manage the lifecycle of information security exceptions, ensuring proper evaluation, documentation, approval, and tracking of deviations from security policies.
- Develop and deliver comprehensive and accurate GRC reports to senior management, risk committees, and relevant stakeholders, providing clear insights into the bank's information security risk and compliance posture.
- Leverage and manage GRC solutions and tools to automate processes, enhance risk visibility, streamline compliance monitoring, and improve overall efficiency of GRC operations.
- Collaborate strategically with various internal departments, including Legal, Compliance, Audit, IT Operations, and business units, to embed information security GRC principles throughout the organization.
- Foster a strong culture of information security awareness and compliance across the organization through communication, training, and strategic initiatives.
- Provide expert guidance and consultation on information security risks, controls, and compliance matters to project teams and business initiatives.
- Continuously monitor the threat landscape and regulatory changes, assessing their impact on the bank's security posture and GRC programs, and proactively adapting strategies as needed.
Required Skills and Qualifications :
- 10-15 years of progressive experience in the banking or financial services industry, with a minimum of 3 years dedicated to information security roles.
- Extensive experience in Information Security Governance, Risk, and Compliance (GRC), including practical application of risk assessment methodologies, control frameworks, and regulatory compliance.
- In-depth familiarity with key information security technologies, risk management principles, threat intelligence, vulnerability assessments, and robust security measures.
- Proven experience with leading governance, risk management, and compliance frameworks such as ISO 27001, NIST Cybersecurity Framework, GDPR, PDPL, and other relevant banking industry regulations.
- Hold at least two (2) active professional certifications from recognized bodies, such as CISA, CISM, CISSP, CRISC.
- Strong understanding of GRC solutions/platforms and experience in their implementation or management for process automation and reporting.
- Exceptional written and verbal communication skills, with the ability to articulate complex security and risk concepts effectively to both technical and non-technical audiences, including senior leadership.
- Demonstrated ability to manage multiple complex projects and priorities simultaneously, often under tight deadlines.
- Strong analytical, problem-solving, and decision-making abilities, with a keen attention to detail.
- Proven leadership qualities and ability to influence stakeholders at all levels.
Strategic Insight :
- Ability to translate complex technical information security risks into business terms and foster a proactive culture of security awareness and compliance within the organization.
- Strategic mindset focused on continuous improvement of the overall information security posture of the organization through proactive risk management and governance.
- Ensuring that information security risks are effectively identified, managed, mitigated, and reported in alignment with the bank's enterprise risk management framework.
Functional Areas: Other