GRC Manager

4 months ago


Obour City, Egypt | Manufacturing Commercial Vehicles (MCV) | Full time

**Company**: MCV INDUSTRY (Egypt)

**Job Purpose**:

Develop, implement and maintain MCV’s security governance, risk management, and compliance program. This role will ensure that MCV adheres to ISO 27001:2022 and to applicable laws and regulatory requirements.

**Job Duties and Responsibilities**:

- Develop and maintain information security management systems & engineering governance policies, procedures and standards in alignment with regulatory requirements, ISO 27001, and industry best practices
- Develop, implement and maintain security policies, standards, procedures and guidelines, and define KPIs & KRIs
- Stay updated on compliance requirements and relevant laws, regulations and industry standards related to IT/OT security
- Identify, assess and prioritize information security risks across MCV
- Develop and implement a risk management framework, guide different stakeholders, and develop a risk register for monitoring and reporting on the status of risks & control effectiveness
- Conduct regular technical risk assessments and identify potential threats & vulnerabilities across MCV
- Develop and deliver a security governance, risk and compliance training program
- Promote security awareness and compliance culture throughout MCV
- Be familiar with SDLC & SSDLC and SecDevOps; help project managers develop cybersecurity risk registers for ongoing projects and conduct periodic reviews aligned with mitigation controls
- Collaborate with internal & external stakeholders and provide technical guidance and support to management and to IT and Engineering staff on ISMS, information security and GRC-related matters
- Maintain accurate technical records and documentation; prepare and share a regular quarterly report on the ISMS program & MCV security posture

**Job Skills and Abilities**:

- Knowledge:
  - Knowledge of relevant laws and regulations such as GDPR, EGDPL, PCI-DSS
  - Strong technical knowledge of IT / IS governance frameworks
- Skills:
  - Excellent communication and interpersonal skills
  - Strong analytical and problem-solving skills with attention to detail
  - Negotiation techniques
  - Conflict management & resolution
- Abilities:
  - Ability to multitask and to manage multiple technical projects and priorities in a very dynamic environment

**Qualifications**:

- BSc in Engineering, Bachelor of Computer Science
- Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer, ISO 27001 Auditor
- 8-10 years of experience