
Job Description

Head of Information Security Management



On-site Cairo, Cairo Governorate, Egypt 0036

Description



1. Oversee and manage the Information Security Management team to ensure proper management of resources in support of ongoing business initiatives, and ensure a clear personal development plan is developed for each team member with an adequate training and coaching plan.
2. Ensure the annual review and update of the area’s processes, procedures and policies with the development and adherence to the developed SLAs.
3. Ensure the proper enforcement of the developed security policies across all areas.
4. Lead the enhancing, formalizing and standardizing of the different information security programs and management processes, to apply effective control mechanisms and to ensure the organization’s ability to manage and be protected against different types of security threats, including but not limited to the Identity & Access Management, Data Classification and Protection, Privileged Access Management programs and others.
5. Oversee the implementation of the Information Security Management strategy and objectives to ensure the proper enforcement of the developed security policies.
6. Liaise with the IT Security Department to ensure adequacy of security testing and assessments prior to execution, to ensure sound security practices are implemented across all of the bank’s platforms, systems and services provided, while also ensuring the relevant processes and procedures adequately reflect and consider the security policy requirements, as well as risk, compliance and controls requirements.
7. Develop and enhance information security procedures with proper reflection of the emerging threats and changes to the bank’s Cyber Security landscape, including the maintenance of staff awareness of these policies and procedures, as well as proper monitoring of policy exceptions.
8. Ensure that a proper security risk assessment framework is in place and effectively implemented across different areas of the organization, with timely identification, escalation, resolution and follow up for all outstanding issues related to Security as tracked in the Security risk register and KRIs.
9. Act as a support arm for Information Security consultation for all business units within the organization and provide sound feedback and alternative solutions for security risk mitigation.
10. Validate and ensure adequate feedback is provided on behalf of the security organization (Info Sec, IT Security, Physical Security, Security Operations Center) to internal/external auditors, regulatory bodies and other entities as applicable.
11. Seek concurrence from the Non-Financial Risks and Compliance Committee and keep the relevant Committees updated with the overall Security Risk Rating of the bank to assist in better-formed decisions and security strategy planning.
12. Report Security risks, compliance and controls dashboards and exceptions to Non-Financial Risks and Compliance Committee and other relevant committees as required.
13. Communicate with Senior Management for any needed clarifications or to highlight security risks that require more organizational awareness and action, through the relevant committees or individually.
14. Work closely with Security Operations Centre to ensure aspects of Information Security Risk, Control and Compliance that require continuous monitoring are adequately embedded within the day-to-day SOC operations.
15. Ensure the annual maintenance of the PCI-DSS certification to keep the card holders’ data secured against cyber-attacks.
16. Ensure the annual compliance with the CBE Regulations, SWIFT CSP requirements and International Information Security and Business Continuity Management ISO 27001 standards, to prevent security breaches.
17. Handle and manage exceptions and escalations, to ensure proper support and alignment is in place between Information Security Management and the different stakeholders.
18. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues arising from internal/external audit, independent assessments and reviews as applicable, and ensure a proper tracking mechanism is in place in coordination with the relevant stakeholders.
19. Participate in the development of the Security & Resilience Management group strategy in line with CIB and Group strategy to ensure vertical and horizontal integration with other interfacing initiatives and departments across the bank.
20. Participate in the development of the Security & Resilience Management group policies, processes and procedures to ensure all relevant procedural/legislative requirements are fulfilled.
21. Manage the day-to-day operations of the Information Security Management Department providing guidance, encouraging teamwork and facilitating related professional work processes in order to achieve high performance standards.
22. Liaise with internal and external parties at the appropriate levels to ensure smooth flow of interactions.
23. Contribute to the preparation of the Security & Resilience Management group budget, and monitor the financial performance of a given area of activity versus set budget to ensure alignment.
24. Manage the effective achievement of Information Security Management department objectives by setting individual targets, developing and motivating staff, providing of formal and informal feedback and appraisal in order to maximize subordinate and department performance.

Requirements



- Bachelor’s degree in Engineering, Computer Science or equivalent
- Minimum of 10 - 12 years of working experience in IT, Information Security and/or any related fields
- Recommended Certifications:
  - CRISC
  - CISM
  - ISO 27001:2013 Lead Implementer
- Mandatory Certifications:
  - EC Council C|CISO

Skills:
- Excellent command of English and Arabic languages
- Excellent communication and presentation skills
- Excellent project management skills
- Excellent leadership skills

Job Details

Job Location: Cairo Egypt
Company Industry: Other Business Support Services
Company Type: Unspecified
Employment Type: Unspecified
Monthly Salary Range: Unspecified
Number of Vacancies: Unspecified
