Head of International IS Privacy Research and Innovation

  • Oversee timely execution and completion of information security risk assessments of international locations.
  • Ensure development, review and update of Information Security Policies, Procedures and Standards of HBL international locations.
  • Ensure seamless coordination with internal and external auditors.
  • Oversee data / information classification activities of HBL international locations.
  • Oversee vulnerability assessment and penetration testing activities of HBL international locations.
  • Review global regulatory requirements related to Information Security / Cybersecurity.
  • Assist CISO in managing Information Security of HBL international locations.
  • Ensure that related audit findings of international locations are closed in a timely manner.
  • Ensure that the budget is allocated for the projects initiated by HOK ISD for international locations.
  • Maintain the country profile including the IT footprint, risk exposure, and mitigating controls of international locations.
  • Coordinate with respective technical teams in the successful implementation of security projects for international locations.
  • Define the Bank’s privacy framework, policies, and control standards (ISO 27001/27701) in line with the applicable laws and regulations.
  • Establish an international operating model (charters, RACI, SLAs) covering SOC, IR, AppSec, CloudSec, Data Protection, and Third‑Party risk management.
  • Oversee DPIAs, TIAs, Records of Processing, and cross‑border transfer mechanisms (e.g., SCCs, intra‑group agreements, localization exceptions).
  • Coordinate with regional DPOs/Privacy Officers; ensure breach notification processes meet each regulator’s timelines.
  • Curate a global R&I agenda (regional fraud patterns, localized threats, AI/LLM security, API/Open Banking differences, cloud-native operations) and share reusable controls across countries.
  • Run cross‑region PoCs and disseminate best practices via a global center of excellence.
  • Lead responses to regulatory inspections, supervisory letters, and external/internal audits across regions.
  • Track and drive closure of findings; maintain evidence repositories and dashboards.
  • Enforce Third‑Party Risk Management and Cloud/Outsourcing governance per host‑country requirements (due diligence, contracts, ongoing monitoring, exit).
  • Ensure data residency and localization constraints are engineered into architectures.
  • Advance the current state-of-the-art in cybersecurity-related topics.
  • Analyze and assess cybersecurity technologies, solutions, developments and processes.
  • Assist in cybersecurity-related capacity building including awareness, theoretical training, practical training, testing, mentoring, supervising and sharing.
  • Lead the development of innovative cybersecurity-related solutions.
  • Conduct experiments and develop proof of concept, pilots and prototypes for cybersecurity solutions.
  • Conduct research, innovation and development work in cybersecurity-related topics.
  • Contribute towards cutting-edge cybersecurity business ideas, services and solutions.
  • Identify cross-sectoral cybersecurity achievements and apply them in a different context or propose innovative approaches and solutions.
  • Lead or participate in innovation processes and projects including project management and budgeting.
  • Manifest and generate research and innovation ideas.
  • Publish and present scientific works and research and development results.
  • Select and apply frameworks, methods, standards, tools and protocols, including building and testing a proof of concept to support projects.
  • People Management
  • Lead multi‑country teams; manage time zone‑aware operations and crisis management.
  • Drive security and privacy awareness and training tailored to local regulatory expectations and languages.

Minimum qualifications:

  • Bachelor's in CS/IT/InfoSec/Legal (Privacy/Law); Master’s in Cybersecurity, Information Assurance, or Privacy/Law preferred.
  • Preferably at least one of the following professional certifications:
    • CISSP
    • CISM

Minimum experience:

  • Minimum 15 years of experience; 8-10 years in international information security and privacy with 5 years in senior leadership.
  • Proven track record with GDPR and multi‑jurisdiction regulators in banking.