Senior Manager, Security Governance & Compliance

Dubai, Dubai, AE


Description

Operating in the UAE for over 50 years, CBD manages the financial requirements of some of the largest corporates and businesses operating in the country, driving the UAE economy. Over the years, CBD has transformed into a progressive and modern banking institution winning multiple awards for its digital initiatives, credit cards, bank accounts, mobile app features and services.


CBD has been recognized as the number one bank in the UAE on the Forbes list of The World’s Best Banks 2022.


As we continue to build upon our successes, we are looking for ambitious individuals who are passionate about the banking and finance industry and the markets in which CBD operates. Just as important to us is your ability to demonstrate a talent for dealing with people - your colleagues and our customers - and delivering service that really goes the extra mile.


Job Purpose

Lead CBD's security initiatives and ensure the confidentiality, integrity and availability of our IT infrastructure. This role is critical in supporting the CISO office and safeguarding the bank's data, systems, and reputation. The ideal candidate will have a strategic mindset, strong leadership abilities, and a deep understanding of Security Governance & Compliance.


Principal Accountabilities

  • Develop, implement and maintain a comprehensive security governance framework that aligns with the bank's strategic objectives.
  • Develop and maintain a risk management program to address identified risks.
  • Develop aggregated security control & risk data reporting.
  • Establish and enforce security policies, standards, and procedures.
  • Develop and deliver training programs to raise information security awareness among employees.
  • Ensure compliance with relevant regulations and industry standards/certifications, including UAE-specific requirements (ISO 27001, NIST, PCI-DSS, NESA, UAE-IA, SWIFT, etc.).
  • Conduct risk assessments and vulnerability analysis to identify potential threats (ISMS/Projects/Change/Thematic).
  • Conduct threat modelling as part of DevSecOps and other change activity.
  • Develop a robust third-party security assessment process covering all stages of the supplier life cycle.
  • Lead the design and architecture of secure IT systems and networks (including AI/LLM implementation).
  • Evaluate and recommend security technologies and solutions to enhance the bank's security posture.
  • Oversee the integration of security controls into new and existing systems.
  • Collaborate with IT and business units to ensure security is embedded in all projects and initiatives.
  • Develop and maintain an incident response plan to address security breaches and incidents.
  • Support the incident response team in investigating and resolving security incidents (24/7 rota with leadership team).
  • Conduct post-incident reviews and implement lessons learned to improve security measures.

Requirements

Experience and Qualifications

  • Minimum of 12 years of experience in information security within the banking industry, with at least 3 years in a leadership role.
  • Strong knowledge of security frameworks (e.g., ISO 27001, NIST).
  • Experience with security architecture and design (including AI/LLM implementation).
  • Excellent understanding of regulatory requirements (e.g., GDPR, PCI-DSS, UAE-specific regulations).
  • Experience of threat modelling (MITRE ATT&CK, STRIDE, OWASP, etc.).
  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Relevant certifications (e.g., CISSP, CISM) are highly desirable.

Skills

  • Proven ability to manage and lead a team.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Skills in IT Governance, Risk Management (risk assessments) and Compliance.
  • Strong investigative and interpretive skills.

Tags: Banking CISM CISO CISSP Compliance Computer Science DevSecOps Finance GDPR Governance Incident response ISMS ISO 27001 IT infrastructure LLMs NIST OWASP Risk assessment Risk management Security assessment

Region: Middle East
