Manager Security Governance And Compliance

Operating in the UAE for over 50 years, CBD manages the financial requirements of some of the largest corporates and businesses operating in the country, driving the UAE economy. Over the years, CBD has transformed into a progressive and modern banking institution winning multiple awards for its digital initiatives, credit cards, bank accounts, mobile app features and services.

CBD has been recognized as the number one bank in the UAE on the Forbes list of The World’s Best Banks 2022.

As we continue to build upon our successes, we are looking for ambitious individuals who are passionate about the banking and finance industry and the markets in which CBD operates. Just as important to us is your ability to demonstrate a talent for dealing with people - your colleagues and our customers - and delivering service that really goes the extra mile.

Principal Accountabilities:

Security Governance & Compliance

Strategic Framework Development: Design, implement, and continuously enhance a comprehensive information security governance framework that aligns with the bank’s strategic goals, regulatory obligations, and risk appetite.

Security Metrics & Reporting: Develop and maintain dashboards and reporting mechanisms that aggregate security control effectiveness, risk posture, and compliance status across the organization.

Policy Management: Establish, review, and enforce enterprise-wide security policies, standards, and procedures to ensure consistent implementation and adherence.

Awareness & Training: Lead the development and delivery of targeted security awareness programs, including phishing simulations, role-based training, and executive briefings to foster a culture of security.

Regulatory Compliance: Ensure ongoing compliance with international and UAE-specific regulatory frameworks and standards such as ISO/IEC 27001, NIST, PCI-DSS, NESA, UAE IA, SWIFT CSP, and others.

Security Assurance

Risk & Vulnerability Management: Conduct comprehensive risk assessments and vulnerability analyses across various domains including ISMS, projects, change initiatives, thematic reviews, and third-party engagements.

Threat Modelling & DevSecOps Integration: Implement threat modelling practices within the software development lifecycle and change management processes to proactively identify and mitigate risks.

Third-Party Risk Management: Oversee a robust third-party security assessment program that spans the entire supplier lifecycle—from onboarding and due diligence to ongoing monitoring and offboarding.

Collaboration & Strategic Engagement

Cross-Functional Integration: Partner with business units, IT, legal, compliance, and risk teams to embed security into business processes, digital transformation initiatives, and strategic projects.

Security Advocacy & Thought Leadership: Stay abreast of emerging threats, technologies, and industry trends. Share insights with internal stakeholders and contribute to the bank’s strategic security roadmap.

Requirements:

Experience & Qualifications:



Bachelor’s degree in computer science, Information Security, or a related field

Relevant certifications (e.g., CISSP, CISM) are highly desirable.

Minimum of 8 years of experience in information security within the banking industry.

Strong knowledge of security frameworks (e.g., ISO 27001, NIST).

Experience with security architecture and design (Inc. AI/LLM Implementation).

Excellent understanding of regulatory requirements (e.g., GDPR, PCI-DSS, UAE-specific regulations).

Experience of Threat Modelling (MITRE ATT@CK, STRIDE, OWASP etc).

Proven ability to manage and lead a team.

Strong analytical and problem-solving skills.

Excellent communication and interpersonal skills.