Senior Manager – Data Privacy.MGN EGY - ISG - Information Security Program

Management:

• To Strategize, develop and implement Data Privacy/Protection Controls in coordination with stakeholders across the Organization globally.
• To ensure compliance of the Organization with the defined policy & framework with a data driven approach

Execution

• To ensure that the Privacy operations are executed effectively in a timely manner and with required quality
• Assists in the development and implementation of Data Protection strategic initiatives. Leads all Data protection related tasks with effective monitoring and protection of information security assets.

Senior Manager – Data Protection has overall responsibility to coordinate and support the Head of Data Privacy and Protection to achieve organization’s Protection strategy and goals. 

He/she is a T-Shaped expert with proven skills in most core capability areas of Data Protection and security: Policy, Governance, Protection Strategy & Program Management. 

Performance evaluation of the role will be based on the positive impact on the bank in terms of Data protection posture enhancement rather than the effort put in place

Policy and Documentation

• Creation of privacy policies, strategies, and procedures that align with Mashreq bank’s business objectives and regulatory requirements.
• Collaborate with the legal team to develop and update data protection policies, procedures, and guidelines. 
• Work with product teams to integrate privacy-by-design principles into the development lifecycle of gaming products and services. 
• Collaborating with cross-functional teams to support data privacy strategies and ensuring that the policy impacted processes, practices and systems are compliant with the applicable data privacy regulations.
• Implementing Mashreq bank’s approach to data privacy as it applies to our internal and business practices in Asia and other geographies.

Privacy Impact Assessment

• Conduct DPIAs to identify and mitigate risks associated with data processing activities, particularly those involving personal data. 
• Guide product teams on implementing measures to minimize privacy risks. 
• Document action plans to address identified privacy risks and maintain an up-to-date privacy risk register.

Consent Management

• Enable universal consent management oversight
• Ensuring consent being recorded and mapping with jurisdictional requirements
• Migration of old consent to new preference center

Data Subject Rights Management

• Develop workstream for handling Data Subject Rights
• Periodic monitoring of the Grievance redressal mailbox
• Ensure Request Facilitation with documentation & Response.
• Validation of Data Subject rights form
• Monitor closure of Dat Subject Rights request

Incident Management

• Act as the point of contact for data protection incidents and breaches, coordinating response efforts and ensuring timely reporting to relevant authorities and affected individuals. 
• Ensure collaboration with cross-functional teams to investigate incidents, assess impact, and implement remediation measures. 
• Establish a procedure for ensure statutory reporting
• Ensure establishment of responding to data principals in case of Data Breach

Compliance            

• Stay up to date with relevant data protection laws and regulations in India and other jurisdictions where we operate. 
• Lead our data processing activities comply with applicable laws, including but not limited to the Personal Data Protection Law (PDPL), GDPR, and other relevant regulations. 
• Conduct periodic assessments and audits to identify and address compliance risks. 
• Lead privacy training programs for employees to build a privacy-centric culture and ensure a deep understanding of privacy practices throughout the organization.
• Developing, implementing, and driving organization's privacy projects and strategies and managing privacy compliance programs.
• Support across all stages of implementation including review, preparation, storage and transfer and legal readiness. 
• Regularly reviewing and evaluating compliance processes to guarantee best practice across all areas of the organization ensuring appropriate monitoring and auditing processes are effectively implemented.
• Assisting in managing data subject requests, including requests for access, rectification, erasure, and restriction of processing.

General

• Act as the point of contact for internal and external data protection audits
• Lead and manage cross-functional meetings to align teams on data privacy objectives and facilitate discussions.
• Exhibit strong presentation skills to convey concepts and initiatives clearly to internal and external stakeholders. 

Tools & Technologies

• Understand the requirements of the bank and prepare a list of tools (Privacy Enhancing Technologies) required for automating privacy operation.
• Incorporate skills sets of implementing PET operations to enhance compliance with privacy required.
• Regularly review the effectiveness of the PET on the required privacy control.

• Graduate/ Post Graduate degree in Law, information security or a related field.
• Minimum 1 Professional certification: CIPPE / CIPM / CIPT / CDPSE.
• 10+ years Information Security experience in large financial institution/ banks in Middle East and/or EU data privacy laws/projects. Minimum 5 years’ experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance projects/implementation.
• Experience in Middle East and/or EU data privacy laws/projects. 
• Experience in developing policy, establishing governance models, and imparting compliance training. 
• Experience working in a regulated industry.
• Strong knowledge of regional and EU/Regional data privacy and data protection regulation/s, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Strong knowledge of multiple privacy regulation like GDPR / PDPO / PDPL etc.
• Experience in conducting PIA’s, DPIA’s and managing privacy risks.
• Experience working with privacy management tools such as One Trust, Securiti.ai or similar platforms.
• Exceptional communication and interpersonal skills, with the ability to effectively communicate complex privacy concepts to both technical and non-technical stakeholders.
• Sound understanding of major privacy frameworks and evolving legislation worldwide.
• Demonstrate knowledge and experience in evaluating and implementing privacy enhancement tools (PET) and technologies. 
• Knowledge of information technology and data management systems.
• Sound understanding of international Banking Business and related systems.                                                                                                                                                                                                                                                                               
• Ability to undertake projects, develop alternative methods to complete them, and implement solutions.

Ability to collaborate with all IT teams on security-related incidents, tasks, and projects.