AVP, Cyber Resilience.MGN EGY - ISG - Information Security Program.Risk Management-MEGPCOE

we’re at the forefront of protecting digital ecosystems. As our AVP of Cyber Resilience, you’ll play a critical role in defining and implementing strategies to safeguard our operations and data, ensuring we remain resilient in an ever-evolving cyber landscape. will be responsible for thought leadership, envisioning, planning, and managing our organization's cyber resilience strategies and ensure the continuity and security of our digital operations. 

Lead organization’s efforts in ensuring the cyber resilience of our digital infrastructure. This role involves developing and implementing strategies to prevent, mitigate, and recover from cyber incidents, ensuring business continuity and minimizing the impact of cyber threats . This role requires a strong understanding of business continuity, disaster recovery, and cybersecurity principles

The responsibilities will include 

• Lead cutting-edge initiatives to enhance our organization’s cyber resilience.
• Collaborate with diverse teams to create innovative, sustainable solutions.
• Shape policies and frameworks that will impact organization globally.

• Strategy Development: Formulate a comprehensive cyber resilience strategy by assessing organizational goals, potential threats, and regulatory requirements. This involves setting long-term objectives, defining key performance indicators (KPIs), and ensuring that the strategy is aligned with the overall business strategy.
• Risk Management: Identify, assess, and prioritize cyber risks that could impact the organization. Develop risk mitigation plans and continuously monitor the risk landscape to adapt strategies as needed. This includes conducting regular risk assessments and audits.
• Incident Response: Create and oversee the execution of incident response plans that ensure quick recovery and minimal disruption in the event of a cyber incident. This involves establishing a response team, conducting drills, and ensuring communication protocols are in place.
• Policy Creation: Develop, implement, and review policies and procedures related to cyber resilience. Ensure that these policies comply with legal and regulatory standards and are effectively communicated to all employees. Regularly update policies to reflect evolving threats and best practices.
• Team Leadership: Lead and mentor the cyber resilience team, fostering a culture of continuous improvement and collaboration. This involves recruiting and training team members, setting clear expectations, and providing ongoing support and development opportunities.
• Business Continuity: Ensure that business continuity and disaster recovery plans for Cyber security processes and tools are in place and regularly tested.
• Collaboration: Work closely with Technology, Operational risk, Business continuity, Disaster recovery, legal, compliance, and other departments to ensure a coordinated approach towards cyber resilience.
• Training and Awareness: Develop and deliver training programs to enhance the organization’s cyber resilience awareness and capabilities.

Monitoring and Reporting: Continuously monitor the effectiveness of cyber resilience measures and provide regular reports to senior management and regulators 

• A forward-thinker with a proven track record in cybersecurity leadership.
• Expertise in risk management, incident response, and emerging technologies.
• A passion for staying ahead of cyber threats and driving positive change.
• Data Analysis: Ability to analyze complex datasets to identify patterns, anomalies, and potential threats. Identify, evaluate, and recommend resilience solutions for cyber processes
• Root Cause Analysis: Proficiency in identifying the root causes of security incidents and vulnerabilities to prevent future occurrences.
• Risk Assessment: Capability to assess risks accurately and prioritize them based on potential impact. Ability to identify appropriate cyber resilience risks and analyze for determining a risk treatment/remediation based on Mashreq’s risk appetite.
• Have over 12+ years of rich experience in information security domain and at least 8 years of dedicated experience in Cyber Security or Cyber resilience
• Knowledge of cyber resilience frameworks (e.g., NIST CSF, ISO 27001) 
• Experience in defining and reporting metrics, KPIs and KRAs for cyber resilience.
• Experience of managing enterprise Cyber Resilience and of direct and in-direct relationship with senior management.
• Familiarity with advanced resilience solutions, risk, threat and security measures. 
• Knowledge across the Cyber Resilience domains including governance, control frameworks, policies, compliance management, risk management and incident response etc.
• Comprehensive knowledge of regulatory and compliance requirements across various industries and how they influence the bank's Information Security strategy.