Reporting to the Head of Information Security Cyber Defense Operations. The threat defense operations lead is responsible for the creation of detection logic and the maintenance of data source containing information on indicators, correlations, and existing detection logic. The employee works closely with information security teams, Information Technology Department (ITD) and other business departments to identify data sources, develop customized SIEM use cases, and advise on SIEM configuration.Work closely with ITD to review alerts generated by detection infrastructure, specifically false positive alerts.Analyze threat information gathered from internal and external sources such as generated logs, Intrusion Detection Systems (IDS), intelligence reports from Cyber Threat Intelligence, and relevant vendor site.Custom/unsupported devices integration with Sentinel SIEM and use cases creation.Content / Use Case creation on SIEM to cover all stages of MITRE.In collaboration with other members of information security, identify and hunt for threat actor groups, related tools, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs)Create detection logic tailored to the Group threat landscape using industry-specific intelligence and developed use cases in the form of threat rules and signatures.Work closely with ITD to add data sources and advise on SIEM configuration.Operationalize the identified Indicator of Compromise by testing and overseeing the deployment of SIEM monitoring and alerting rules.Support Cyber Threat Intelligence and IS Risk Management teams by providing them with the adequate threat landscape context to be reflected within group threat and risk management activitiesWork with Threat Analysts to identify and recommend new internal and external data sources to leverage for developing additional threat detection logic.Creation of customized reports and dashboards for presentation to various stakeholders.Ability to perform analysis of logs from various devices and develop SIEM use cases considering evolving threat landscape for anomaly detection

The purpose of the Senior Data Privacy and Governance role is to ensure its customer’s data privacy, oversees the governance of data within the organization and meets the local and international privacy and data governance laws, regulations and requirements through globally accepted processes, technologies, governance and skillsets.The Senior Data privacy and Governance will Report to Data protection Officer and will act as Deputy DPOThe role will support to identify, assess and manage the data privacy and governance risk exposure and ensure that necessary controls (legal, compliance, information security, data processing, information technology) are implemented to mitigate financial (fines and loss of business) and reputational risks (resulting from a failure to protect customers privacy and data privacy breaches incidents) and improve data used for decision-making.The role is critical to ensure an appropriate, sustainable data privacy and governance strategy and internal capabilities to support current and future data privacy and governance needs.Act as Deputy Data protection officer as assigned by the CISOExecute and manage the DPIA assessments and its operational working across business , IT and Cyber security teamsAccountable for the delivery of Privacy budget approved projects on time and quality to meet Data governance and Privacy plansCreate and manage the Privacy controls framework , design monitoring metrics for risk and performanceEffectively manage Data privacy and Data governance frameworks to integrate and operate under the enterprise risk framework inclusive of creation of practical Risk appetite for Privacy and Data governanceResponsible for maintaining and seeking approvals for Roles and responsibilities Matrix of Privacy framework and Data governance frameworkOversee by monitoring the Subsidiaries and International business compliance to laws and regulations related to Data Privacy and Data governanceDevelop and execute data privacy and data governance plan as approved by the CISOEstimate and manage the budget allocated for data privacy and data governancePlan and implement the required central data privacy controls to achieve full compliance with regulatory requirements (e.g. GDPR)Ensure that enterprise data assets are governed by comprehensive data management approaches, governance models, frameworks, and methodologiesApprove data privacy and data governance exception requests and recommend appropriate actions as necessaryAssess implemented data privacy and governance controls effectiveness and compliance levels and propose mitigations and controls to address identified gapsEstablish data quality guidelines and metrics, and regularly monitor and report on data quality issues to stakeholders.Assist efforts to identify, classify, and document sensitive data, ensuring compliance with data privacy regulations such as GDPR, CCPA, etc.

Reporting to the Head of IS Third Party Security. Third-Party Security Risk Manager is responsible for managing and overseeing Third Party risk management and assist in the review and maintenance of the third-party risk management framework to cater for the Group’s needs and requirementsProven track record and ability to operate comfortably with stakeholders at a mid-senior level (e.g., Heads of Function and Units).Work with internal audit, business units, VMCP, FRM and ORM teams to align third party security requirements, identified risks, appetite for risk and mitigating controls, including the monitoring, and reporting on the effectiveness of the controls and the impact that this has on the overall security and risk.Manage technical security assessments for the Bank’s Third-Party security with other GISD Verticals team, report the outputs to GISD leadership, business, and technical teams for timely resolution.Stay abreast of global and regional information security threats by reviewing threat intelligence reports from Cyber Threat Intelligence unit.Ensure proper delivery of ad-hoc and planned third party technical assessments in accordance with internal information security policies and requirements or external information security regulations and standardsWork with the Head of IS Third Party Security for the continuous improvements in policies, procedures, standards, and guidelines in line with third party risk assessment findings and recommendations.