Senior Manager – Regulatory Compliance.MGN Egy - Information Security Governance.Risk Management-MEGPCOE

Mashreq Corporate & Investment Banking Group · Posted 2026-04-22

Job Purpose

The Senior Manager – Regulatory Compliance plays a critical role in operationalizing governance, risk, and compliance (GRC) within the Information Security Group (ISG). Reporting to the ISG Compliance Lead, the role ensures effective regulatory compliance management across the bank.

Key Responsibilities Include

- Own centralized monitoring, interpretation, and governance of Information Security regulatory requirements, notices, and circulars, including automated regulator communications.
- Lead the Information Security compliance automation and regulatory watch forum, driving applicability decisions, ownership assignment, and implementation accountability.
- Oversee regulatory submissions, incident reporting, and audits to ensure timely response, consistency, and sustained audit readiness.

This role is execution-focused, enabling processes and solutions that ensure compliance with internal standards and external regulatory requirements. By monitoring performance, closing gaps, and fostering a culture of security awareness, the position strengthens ISG’s resilience against emerging cyber risks.

Key Result Areas

Governance, Risk & Compliance

- Ensure adherence to internal policies, regulatory requirements, and industry standards.
- Identify, assess, and manage information security and compliance risks across IBG locations.
- Maintain compliance documentation and evidence for internal/external audits.

IS Regulatory Compliance Management

- Oversee the organization’s regulatory compliance with respect to information security.
- Work with different stakeholders to ensure that all regulatory requirements with respect to information security are identified, documented, and complied with.
- Conduct regular compliance assessments to identify and remediate compliance gaps.
- Develop and maintain a register of all information security regulatory obligations. Ensure that the register is regularly updated and reviewed.
- Satisfy evidence and requirement requests from internal auditors and external institutions to demonstrate compliance.
- Maintain and track all security compliance requirements for the IBG countries.
- Manage the IS regulatory calendar and ensure that all regulatory tasks are completed on time.
- Maintain compliance documentation and records.
- Respond to regulatory inquiries and audits with respect to information security.
- Govern regulatory-mandated information security / cyber security regulations and standards across the regions, including the cyber security framework in NESA, SWIFT-CSP, PCI-DSS, DFS500, FFIEC, and HKMA-CRAF, etc.
- Govern the IS Regulatory Watch Forum and provide regular reports on its activities and awareness to senior members of the bank on potential regulatory risk.
- Ensure that all policies and procedures, including the local security policy, are reviewed and confirmed to meet relevant regulatory requirements for IS compliance.
- Track internal and external audit issues related to IS compliance for IBG locations.
- Develop compliance reports and dashboards for management review.
- Monitor the performance of IS Compliance services to ensure they meet established service level agreements (SLAs) and key performance indicators (KPIs).
- Update and maintain the IS Compliance process, framework, and SOPs.
- Manage IS regulatory findings on the GRC solution.
- Ensure Compliance Management in RSA Archer.

IS Compliance Automation

- Be the owner of the bank’s GRC platform for ISG and oversee the management of the bank’s IS GRC solution.
- Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability.
- Enable a centralized knowledge base and GRC solution to automate Information Security activities and governance processes, with centralized compliance dashboards related to overall risk posture for specific locations and business units.
- Be part of the customization and selection of cyber security tools for streamlining and automating compliance activities.
- Automate the GRC functions and reduce manual effort to provide near-real-time insights into risks by performing quantitative and qualitative assessments.
- Support local CISOs / IS SPOCs in regulatory audit discussions and with data required from ISG, and enable the local CISOs with RSA Archer access to onboard open issues for centralized tracking and governance.
- Ensure that the solution is effectively used to support the organization’s information security compliance activities.

Risk Control Self Assessments

- Ensure and maintain regular risk control self-assessments for Compliance and other IBG locations to identify and evaluate potential risks.
- Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations.
- Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures.

Operating Environment, Framework and Boundaries, Working Relationships

- Operating environment: All the locations where Mashreq Bank is operational.
- Frameworks: Information security policy manual, regulations, industry best practices, and contractual requirements.
- Working relationship: All Business, Governance, Enabling and Control groups.

Essential Knowledge

Knowledge, Skills, and Experience

- 10–14 years of work experience, with 6–8 years’ experience in Information Security/GRC/Regulatory Compliance.
- 3–5 years in a lead or managerial role with clear ownership and decision-making accountability.
- Strong experience in regulatory technology and regulatory automation.
- Degree/master’s degree in IT/Information Security.
- Professional certifications: CISA, CISM, CISSP, CRISC, ISO 27001 LA/LI (one or more).
- Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.
- Experience with governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, GDPR, PDPL).
- Experience of working in the banking domain or with banking/payment industry clients.

Skills And Application

- Proficiency in GRC tools, technologies, and automation.
- Strong communication and stakeholder management skills.
- Ability to manage multiple projects and priorities.
- Analytical and problem-solving skills with decision-making capability.

Strategic Insight

- Foster a culture of security awareness and compliance within the organization.
- Drive continuous improvement in IS compliance posture.
- Ensure information security risks are effectively managed and mitigated.


About Mashreq Corporate & Investment Banking Group

Banking

Mashreq Corporate & Investment Banking is the corporate banking division of Mashreq Bank, a UAE-based bank with operations across the Middle East, Asia, Europe, and the Americas. The unit provides corporate banking, trade finance, and investment banking services to large corporates and financial institutions.
