Browse Jobs
LoginJoin NowEmployer?

Information Security GRC Team Le...

Masria Digital Payment (...
New Cairo, Cairo

Information Security GRC Team Leader

New Cairo, CairoPosted 2 months ago
16Applicants for1 open position
  • 2Viewed
  • 0In Consideration
  • 0Not Selected

Job Details

Experience Needed:
Career Level:
Education Level:
Job Categories:

Skills And Tools:

Job Description

  • Delivery of Security GRC management and processes that get with Security Strategy. 
  • Creation, implementation, and monitoring of information security polices, processes, exceptions, and change management requests assessment to automate and continuously monitor information security controls, risks, testing and incidents.
  • Develop and maintain a risk register and risk management framework.
  • Performing end to end IT solutioning/workflow risk assessment to identify potential risks and propose mitigation solutions. 
  • Schedules regular assessments and testing of effectiveness and efficiency of controls and creates security metrics, dashboard.
  • Ensuring that requirements in PCI Standards, IT Audit, Security Standards, Policy, Compliance and Risk controls are met. 
  • Updates security controls and provides support to all stakeholders on security controls covering internal assessments, laws and regulations.
  • Responsible for managing Third Party Risk management (review of NDA, SLA, SOC type II reports).
  • Performs and investigates internal and external information security risk and exceptions assessments. 
  • Coordinate with Infrastructure and business systems Teams to implement identified controls, policies, and procedures.
  • Develop information security awareness materials to be sent to all corporate employees
  • Remains current on best practices and technological advancements and acts as the corporate’s technical resource for security assessment and regulatory compliance.
  • Performs other related duties as assigned.
  • Manage the ISMS and security standards (PCI DSS…) scope as well as strategic expansion across the globe.
  • Support the management of information security governance for the organization, ensuring adherence to policies and standards.
  • Work closely with the CISO to ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
  • Coordinate periodic security assessment and prioritize and manage response activities.
  • Work closely with the Information Security Operations team; assist the CISO in providing oversight and challenge to the Fist Line of Defense team.
  • Assist with updating the Third-Party Risk Management framework including policy, procedures, due diligence questionnaires and the monitoring of third parties’ adherence to information security and data privacy obligations.
  • Assist with the client management aspects of the Information Security team, including client and potential client questionnaires; help design a more effective process including a self-service process and a library of standard responses.
  • Develop relevant metrics, analyze data, identify trends and help drive improvements to the control environment.
  • Assist the CISO in GRC and general information security issues as required, including interaction with the Security Operations team, Technology teams and business leaders.

Technical Skills: 

  • Experience of leading an ISMS as part of an ISO27001 certified program.
  • Experience of leading PCI compliance and certification program.
  • Recent experience of working in a similar capacity in a financial services organization.
  • Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations.
  • Relevant industry certification (e.g. ISO 27001 Lead Auditor, CISSP, CISM, etc.) highly desirable.
  • Broad level of knowledge of security and risk issues and techniques across platforms.
  • Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
  • Ability to understand and assess technology systems and applications from both a technical and business function perspective.
  • Ability to communicate business and technical risk to all levels of audience.
  • Ability to present security topics to a non-technical audience.
  • A good understanding of IT networking and access management concepts.
  • Knowledge of Information Security Risk management processes & assessment (ISO27005, NIST).
  • Strong demonstrated knowledge of Business Continuity Plan and Disaster Recovery Plan.

Job Requirements

  • Bachelor’s degree in Engineering, computer science or equivalent 
  • Required 5 plus years of relevant experience 
  • Security or relevant IT certification is a plus 
  • Experience of implementation security policies and procedures within multination organization is MUST.
  • Familiarity with Third Party Risk Management, External and internal Audit.
  • good communication skills 

Featured Jobs

Similar Jobs

Search other opportunities
JobsBankingInformation Security GRC Team Leader