Information Security Lead - Priv...
Alshaya -
Nasr City, Cairo
Job Details
Experience Needed:
Career Level:
Education Level:
Salary:
Job Categories:
Skills And Tools:
Job Description
Role Profile:
The GRC Lead – Privacy, Risk & Access Management will play a pivotal role in strengthening Alshaya Group’s governance, risk, and compliance posture with a core focus on data privacy, enterprise risk management, and identity & access governance. This role will also lead and support cross-functional security projects such as SSO integration and user access reviews, ensuring secure, compliant, and business-aligned identity practices across the enterprise.
The Below Key Performance Areas include but are not limited to:
- Develop and implement privacy and data protection policies aligned with GDPR, KVKK, PDPL, and other regional regulations.
- Conduct DPIAs, PIAs, and privacy risk assessments to ensure responsible data handling.
- Manage enterprise risk through a structured Risk Management Framework and maintain the Enterprise Risk Register.
- Define and enforce IAM policies including RBAC, SoD, and user access reviews.
- Lead or support IAM initiatives such as SSO integrations, PAM implementations, and access certification campaigns.
- Align GRC and IAM practices with standards like ISO 27001, NIST, PCI DSS, and SOX.
- Facilitate internal and external audits, assessments, and third-party reviews.
- Oversee GRC tools and privacy platforms (e.g., Archer, OneTrust, ServiceNow GRC).
- Drive cross-functional projects including policy harmonization and audit remediation.
- Prepare executive-level reports and dashboards for governance and compliance oversight.
- Act as a liaison for privacy, risk, and IAM discussions across departments.
- Promote GRC awareness and training across the organization.
Job Requirements
Knowledge:
- Strong understanding of global privacy regulations (e.g., GDPR, KVKK, PDPL) and data protection principles.
- In-depth knowledge of enterprise risk management frameworks and risk assessment methodologies.
- Familiarity with IAM concepts including RBAC, SoD, SSO, PAM, and identity lifecycle management.
- Experience with compliance standards such as ISO 27001, NIST, PCI DSS, and SOX.
- Proficiency in using GRC and privacy management tools (e.g., Archer, OneTrust, ServiceNow GRC).
- Ability to lead cross-functional projects and integrate GRC, IAM, and privacy workflows.
- Strong stakeholder engagement and communication skills for executive and cross-departmental collaboration.
- Analytical skills for conducting DPIAs, PIAs, and interpreting KRIs and audit findings.
- Knowledge of authentication protocols (e.g., SAML, OIDC) and identity governance best practices.
- Experience in managing DSARs, breach responses, and audit readiness activities.
Experience:
- 5-7 years experience in Information Security Domain
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field. Master’s degree or MBA is a plus.
- CIPP/E, CIPM, or other IAPP certifications; CRISC, CISA, or ISO 27001 Lead Implementer; Identity and Access certifications such as Azure, Okta, or SailPoint; ITIL or PMP for project management is a plus.
Skills:
- Strong understanding of IAM principles, SSO protocols (SAML, OIDC), and identity lifecycle.
- Knowledge of privacy regulations and enterprise risk frameworks.
- Excellent stakeholder management, communication, and cross-functional collaboration skills.
- Proficient in GRC tools , Privacy Tools & Access management platforms.
