Information Security GRC Lead

5 months ago


Egypt, AXA Egypt, Full time

Implements security controls, a risk assessment framework, and a program that align with regulatory requirements, ensuring documented and sustainable compliance that aligns with AXA Group Security Standards.
- Manage the cyber and information security risk management lifecycle, including gaining assurance of all existing and relevant cyber and information security policies and standards.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous enhancement of capabilities.
- Regularly produce full gap analysis reports on areas of improvement and risk, recommending thorough mitigation plans including justification for options considered.
- Implements governance, risk and compliance processes to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Experience in implementing an ISMS, performing internal reviews, and drafting and enforcing policies in accordance with AXA Group Security, ISO 27001, and PCI-DSS.
- Work with the Third Party Risk Management (TPRM) lead to share good practice and ensure alignment for all cyber risks facing AXA both internal and external.
- Perform Third-Party Risk Assessments (when applicable).
- Contribute to and check the contractual cybersecurity clauses. Liaise with the Legal department whenever needed. Report the risks of clause non-execution to the project manager or to management.
- Work with IT and business teams in planning, process mapping, documentation and testing of cyber-focused elements of risk.
- Drive AXA's cyber and information security culture, acting in an ambassadorial role across the business, able to communicate to all levels of staff.
- Demonstrate an aptitude for reporting & communicating complex information security risk concepts to technical and non-technical audiences.
- Be able to independently produce comprehensive write-ups of current risks and threats as they develop, producing expedient updates as situations change and span different threat vectors.
- Proactively monitor and inform senior stakeholders on emerging cyber risks and threats, providing a view through a business lens on potential impacts.
- Own the creation and presentation of cyber and information security performance against governance frameworks and risk appetite.
- Develop and maintain AXA's Security Risk Process, including: assessing the potential business impact that could result from a security breach, and the resultant value of the security of information; identifying security weaknesses and vulnerabilities; modelling security threat scenarios; assessing the likelihood of such threat scenarios; assessing the overall risk level and identifying and recommending appropriate controls to manage the risk.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, Secondary assurance, and the Minimum Technical Security Baseline.
- Performs and investigates internal and external information security risk and exceptions assessments. Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments.
- Remains current on best practices and technological advancements and acts as Information Security for security assessment and regulatory compliance.
- Formulates detailed reports of internal reviews and periodic assessments.
- Conduct organization-wide information security awareness training.
- Coordinate with Infrastructure and business systems Teams to implement identified controls, policies, and procedures.

**Skills**:
**Experience, Knowledge and Skills**:
**Education & certification**

Education
- Bachelor's degree in Computer Science, Engineering, or related field.
- An MSc in Information Security would be desirable but is not essential.

Certification
- Certified Information Systems Security Professional (CISSP) preferred
- ISO 27001 Lead Implementer or ISO 27001 Lead Auditor certification strongly preferred
- CRISC preferred
- CISA preferred

**Skills / Abilities**
- Experience and strong knowledge in Cybersecurity
- Knowledge of risk assessment models
- Knowledge of auditing and reporting procedures
- Ability to implement risk monitoring and testing procedures

