Job Description

• Oversee timely execution and completion of information security risk assessments of international locations.
• Ensure development, review and update of Information Security Policies, Procedures and Standards of HBL international locations.
• Ensure seamless coordination with internal and external auditors
• Oversee data / information classification activities of HBL international locations.
• Oversee vulnerability assessment and penetration testing activities of HBL international locations.
• Review global regulatory requirements related to Information Security / Cybersecurity.
• Assist CISO in managing Information Security of HBL international locations.
• Ensure that related audit findings of international locations are timely closed.
• Ensure that the budget is allocated for the projects initiated by HOK ISD for international locations.
• Maintain the country profile including the IT footprint, risk exposure, and mitigating controls of international locations.
• Coordinate with respective technical teams in the successful implementation of security projects for international locations.
• Define the Bank’s privacy framework, policies, and control standards (ISO 27001/27701) in line with the applicable laws and regulations.
• Establish an international operating model (charters, RACI, SLAs) covering SOC, IR, AppSec, CloudSec, Data Protection, and Third‑Party risk management.
• Oversee DPIAs, TIAs, Records of Processing, and cross‑border transfer mechanisms (e.g., SCCs, intra‑group agreements, localization exceptions).
• Coordinate with regional DPOs/Privacy Officers; ensure breach notification processes meet each regulator’s timelines.
• Curate a global R&I agenda (regional fraud patterns, localized threats, AI/LLM security, API/Open Banking differences, cloud-native operations) and share reusable controls across countries.
• Run cross‑region PoCs and disseminate best practices via a global center of excellence
• Lead responses to regulatory inspections, supervisory letters, and external/internal audits across regions.
• Track and drive closure of findings; maintain evidence repositories and dashboards.
• Enforce Third‑Party Risk Management and Cloud/Outsourcing governance per host‑country requirements (due diligence, contracts, ongoing monitoring, exit).
• Ensure data residency and localization constraints are engineered into architectures
• Advance the current state-of-the-art in cybersecurity-related topics.
• Analyze and assess cybersecurity technologies, solutions, developments and processes.
• Assist in cybersecurity-related capacity building including awareness, theoretical training, practical training, testing, mentoring, supervising and sharing.
• Lead the development of innovative cybersecurity-related solutions.
• Conduct experiments and develop proof of concept, pilots and prototypes for cybersecurity solutions.
• Conduct research, innovation and development work in cybersecurity-related topics.
• Contributes towards cutting-edge cybersecurity business ideas, services and solutions.
• Identify cross-sectoral cybersecurity achievements and apply them in a different context or propose innovative approaches and solutions.
• Lead or participate in innovation processes and projects including project management and budgeting.
• Manifest and generate research and innovation ideas.
• Publish and present scientific works and research and development results.
• Select and apply frameworks, methods, standards, tools and protocols including a building and testing a proof of concept to support projects.
• People Management
• Lead multi‑country teams; manage time zone‑aware operations and crisis management.
• Drive security and privacy awareness and training tailored to local regulatory expectations and languages.

Minimum qualifications:

• Bachelors in CS/IT/InfoSec/Legal (Privacy/Law); Master’s in Cybersecurity, Information Assurance, or Privacy/Law preferred
• Preferably at least one of the following professional certifications:
  • CISSP
  • CISM

Minimum experience:

• Minimum 15 years of experience; 8-10 years in international information security and privacy with 5 years in senior leadership.
• Proven track record with GDPR and multi‑jurisdiction regulators in banking