Information Security Compliance Manager
On-site Cairo, Cairo Governorate, Egypt
Description
1. Ensure proper management of the Security Compliance resources to support ongoing business initiatives from a security compliance perspective.
2. Ensure the annual review and update of the area’s processes and procedures with the development and adherence to the developed SLAs.
3. Support the implementation of the key strategic business initiatives and projects through conducting the necessary compliance checks and security assessments such as (Code Reviews and Penetration Tests) before systems’ rollout.
4. Manage and oversee the vulnerability management program to ensure proper identification, assessment, reporting and timely remediation of the identified vulnerabilities.
5. Review periodical vulnerability scans and penetration tests results to prepare a long/medium term remediation plan in order to mitigate any existing threats and avoid any potential risks.
6. Ensure effective participation in the projects/Business Requirement Documents (BRD) initiation cycle, security testing and validation process including Penetration Testing, Dynamic Scans, Secure Code reviews, internal security controls checks/validations, … etc. within the overall software development and acquisition process to assess and identify areas of concern from security compliance perspective in line with regulations, standards and best practices.
7. Ensure & maintain the annual compliance with PCI-DSS, SWIFT CSP, EU GDPR and CBE regulations & other applicable standards and regulations.
8. Ensure compliance with Information Security and Business Continuity Management ISO standards to maintain the acquired ISO certificates.
9. Manage vendor communication across all security testing/services requirements, while ensuring appropriate agreements are in place with third parties to preserve the bank’s information confidentiality, integrity and availability.
10. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues driven from internal/external audit, independent assessments and reviews as applicable, and ensure proper tracking mechanism is in place in coordination with the relevant stakeholders.
11. Ensure that a proper process is maintained across the different IT areas for enforcement and closure of vulnerability management and patch management gaps.
12. Maintain a proper security compliance portfolio and ensure proper reporting to the relevant committees as applicable.
13. Manage and operate a number of security tools (within security compliance scope) such as Firewall Policy Management (Compliance Modules), Vulnerability Scanning and Enterprise Security Management tools, Dynamic and static code scanning/review tools, Enterprise Security Monitoring tools.
14. Ensure the annual license and support renewal are done in a timely manner through the bank’s approved process lifecycle for all tools managed by Security Compliance.
15. Ensure proper validation of the responses obtained for open internal/external audit issues before communicating with Information Security Management to properly assess and track the open audit issues.
16. Resolve communication/misunderstanding conflicts between Security Compliance team and different stakeholders to ensure a streamlined process is in place.
17. Reflect necessary compliance triggers in the Security Operations Center use cases and participate in reviewing use cases development, testing and launching to be monitored on ongoing basis by the SOC team.
18. Ensure adherence to the defined compliance operating model to support the different security controls and compliance requirements and communicate violations to the relevant teams.
19. Participate and recommend improvements to policies, processes and procedures and manages their implementation to ensure all relevant procedural / legislative requirements are fulfilled.
20. Participate in the formulation and implementation of the Information Security Management Department strategy to ensure the alignment .
21. Supervise the day to day operations of the Information Security Compliance team providing some guidance in the related area, encouraging teamwork and facilitating related professional work processes in order to achieve high performance standards.
22. Supervise the activities and work of subordinates to ensure that all work within a specific area is carried out in an efficient manner and in compliance with the set policies, processes and procedures.
Requirements
§ Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent.
§ Minimum 8 - 10 years of experience in IT or related fields Information Security auditing/compliance (recommended)
§ Risk Management Background with Risk analysis skills
§ Recommended Certifications:
o CISM
o ISO Lead Implementer / Auditor
§ Mandatory Certifications:
o CISA
Skills:
§ Very good command of English and Arabic languages
§ Very good Conflict Management skills
§ Very good communication and presentation skills
§ Very good Project management skills
§ Very good Leadership skills
§ Very good Time management skills
