Assistant Vice President, Data Privacy.MGN Egy - Information Security Governance.Risk Management-MEGPCOE

Management:

• To strategize, develop, and implement the data protection program in coordination with senior leadership across the organization.
• To ensure the organization's compliance with the defined policies, procedures, and initiatives to protect data across all business units.

Execution

• To ensure that data protection operations are executed effectively, in a timely manner, and with the required quality.
• To conduct necessary assessments and evaluations to identify and manage risks associated with data Processing activities.

The AVP – Data Protection role will define, manage, and govern the Data Protection such as DLP operations, Database Activity monitoring,  Data Encryption, Data Retention, Backup management, etc. as well as support in the organization’s privacy and security goal achievements.

He/She should be able to demonstrate proven skills in core capability areas of Data Privacy and Information Security and should be able to drive security-related programs review policies/procedures and embed security awareness across the organization. Performance evaluation of the role will be based on the positive impact on the organization in terms of security posture enhancement.  

Technical Roles

Policy & Standards: 

• Develop, implement, and maintain data protection policies, procedures, and standards-aligned with industry best practices and regulations.
• Define data classification schemes, data ownership models, and data lifecycle management practices. 

Risk Management: 

• Assist with the investigation of privacy and security breaches, and with any associated disciplinary, legal and remedial matters as necessary.
• Monitor and report on risk exposure and the effectiveness of risk management strategies.
• Identify and mitigate risks related to data management and governance, including data breaches and compliance violations.
• Conduct regular audits and assessments to evaluate the effectiveness of data governance policies and practices.

Compliance & Assurance: 

• Own and constantly review all the global data protection compliance arrangements to include updating policies, and guidelines, centralizing processes, and putting in place robust, time-bound remedial plans where necessary.
• Inform and advise Mashreq on applicable data protection laws and its requirements, liaising with local support as required.
• Ensure regulatory compliance and provide regular reporting and assurance to senior management on program effectiveness; participate in audits.

Training & Awareness: 

• Provide training and guidance to employees on data privacy and governance principles, policies, and procedures.
• Raise awareness of data privacy principles, data management best practices and their importance to business operations

Tools and Technologies

• Evaluate and implement data privacy and data protection tools and technologies that enhance data management capabilities.
• Work closely with IT teams to ensure data privacy and protection principles is integrated into data architecture and system design.
• Integrating new AI technology to accelerate Mashreq’s Data Privacy and Protection journey.

Operational Roles

Program Oversight: 

• Lead and direct Mashreq Bank's data protection program (excluding DPO responsibilities), overseeing subordinate managers responsible for backup/restore, database activity monitoring, and data leakage prevention/insider threat.
• Define data governance objectives, priorities, and key performance indicators (KPIs).
• Ensure alignment with regulatory requirements, industry standards, and best practices

Technology & Budget Strategy: 

• Develop and implement a data protection technology strategy, including selection, implementation, and management of security tools and technologies; ensure seamless integration with IT systems.
• Develop and manage the data privacy and protection program budget[DS1]  

Team Leadership: 

• Manage and mentor data protection team members, fostering collaboration and high performance.
• Establish mechanisms for governance oversight, including regular reviews and audits. 
• Monitor compliance with data governance policies and assess effectiveness of controls. 
• Ensure regular data governance reports, dashboards, and metrics to senior leadership. 

Continuous Improvement: 

• Monitor program effectiveness, identify improvement opportunities, and stay updated on emerging threats and best practices.
• Ensure that systematic compliance audits are undertaken and that their findings are reported and acted upon.

Stakeholder Management: 

• Liaise with other Business functions as necessary on cross-departmental data privacy Matters.
• Build, mentor, and lead a high-performing incident response and data protection team.

Communicate effectively with senior management, IT, and other stakeholders, ensuring alignment on data protection 

• Have over 15+ years  of rich experience in data protection and information security domain.
• Experience of managing enterprise Data Protection projects and of direct and in-direct relationship with senior and executive management.
• Familiarity with advanced Data Privacy and Protection technologies, risk, threat and vulnerability assessments, and security measures. 
• Strong experience and knowledge across the Data Protection and Information Security domains including technical measures, policy procedures, compliance management, risk management and Incident Response etc.
• Comprehensive knowledge of Data Protection regulatory and compliance requirements across various industries and how they influence the bank's DPP strategy. 
• Extensive knowledge of data protection solutions and technologies for Data Loss and leakage Prevention (DLP). Experience implementing and managing (DLP) solutions.
• Strong experience in Banking environment with strong understanding on key data protection regulations and standards such as ISO 27001, NIST CSF, GDPR etc.  

Skills and Application 

• Leads the development and implementation of comprehensive Data Protection strategies that address identified risks and compliance requirements, incorporating advanced technologies and methodologies to enhance security posture.
• Manages cross-functional teams to execute Data Protection initiatives, ensuring that projects are completed on time, within budget, and achieve desired outcomes.
• Oversees the bank's incident response plan, ensuring it is regularly updated and tested to respond effectively to incidents.

Strategic Insight

• Integrates Data Protection and Information Security considerations into broader bank’s strategies, recognizing the importance of Data Protection in achieving business objectives and competitive advantage.
• Communicates the strategic value of Data Protection and Information Security investments to executive leadership and key stakeholders, advocating for resources and support to strengthen the organization's capabilities.
• Cultivates an organizational culture that prioritizes Data Protection, encouraging proactive security practices and continuous improvement across all departments. Strong interpersonal, analytical, and technical skills with strong decision making and prioritization skills. 

Other

• Sound knowledge of evolving advanced tech stacks and related control and risk universe from a data protection perspective.
• Sound knowledge and expertise in conducting risk assessment and management.
• The ideal candidate will have a degree in Information Security, Computer Science, or a related field.

Professional certifications : CISSP, CEH, CCSP, CompTIA Security+,  CIPT , CISM etc