Information Security Governance

**MAJOR RESPONSIBILITIES AND ACOUNTABILITIES**
- Review and evaluate the design of security systems.
- Review and evaluate security policies, controls and incident response planning in cooperation with stakeholders throughout the enterprise.
- Review identity and access policies in cooperation with stakeholders throughout the enterprise.
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
- Ensure compliance with the changing laws and applicable regulations;
- Translate that knowledge to identification of risks and actionable plans to protect the business;
- Schedule periodic security audits;
- Make sure that security policies and procedures are communicated to all personnel and that compliance is enforced;
- Constantly update the security strategy to leverage new technology and threat information;
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget in cooperation with stakeholders throughout the enterprise.
- Communicate best practices and risks to all parts of the business, outside IT.
- Develop, implement and monitor in cooperation with stakeholders throughout the enterprise a global strategic, comprehensive enterprise information security and risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
- Manage the enterprise's information security organization consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews.
- Develop security organization talent, engaging/managing third parties as needed to ensure the required capabilities are available either internally or externally.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines in cooperation with stakeholders throughout the enterprise. Oversee the approval, training, and dissemination of security policies and practices.
- Implement a standard Risk Philosophy, Risk Universe & Risk Taxonomy.
- Develop and manage information security budgets and monitor for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the business units to facilitate security risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Provide regular reporting on the current status of the security program to management, senior managers and the Board of Directors as part of a strategic enterprise risk management program.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Develop and implement an information security management framework that aligns with EGBank business model, EGbank risk profile, and EGbank existing compliance initiatives and efforts.
- Coordinate information security and risk management projects in cooperation with stakeholders throughout the enterprise from across the business unit teams and IT organization.
- Work with our compliance team to ensure that security and privacy programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Define and facilitate the global information security risk assessment process including the reporting and oversight of treatment efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets, including regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals in cooperation with stakeholders throughout the enterprise.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event.
- Provide direction, support and in-house consulting in these areas.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.

**MINIMUM**
**JOB REQUIREMENTS**
- Minimum education:
- B.Sc of Engineering, Computer Science or similar discipline- Languages- Fluency in English and Arabic Spoken and Written- Ideal experience- 10+years of relevant professional work experience