Full Time
Cairo
Posted 1 month ago

GRC Professional

Department GRC / Information Security
Division Risk
Reports To CISO
Location Head Office
No. of Employees per job 2
Job Purpose
Development of cybersecurity policies and governance of the security functions (Cyber Security Operations, Cyber Security Risk Management, and Compliance), in line with the organization’s risk management and cyber security requirements and the relevant legal requirements.
Duties & Responsibilities
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Plan and conduct security authorization reviews and assurance case development for new and existing installation of systems and networks to confirm that risk is within acceptable limits.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Verify and update security documentation reflecting the application/system security design features.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization’s mission and goals.
Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Conduct interactive training exercises to create an effective learning environment.
Develop new or enhance existing awareness and training materials that are appropriate for intended audiences.
Internal Contacts
ABG, Information Technology sector, Risk, compliance, and end user
External Contacts
Central Bank of Egypt (CBE)
Authority
As per Access Matrix

Requirement
– Qualifications
Holds a Bachelor’s degree in Engineering, Computer Science, Cyber Security, or any related field.
Preferably holds one of the following certifications: CCNA Security, CompTIA Security+, CISA, ISO 27001.
Language Arabic, English

Experience:

  • At least two years of experience working in the same field, as well as IT experience.

Needed Skills & Knowledge

Ability to:

  • Identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Answer questions in a clear and concise manner.
  • Ask clarifying questions.
  • Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • Design valid and reliable assessments.
  • Apply critical reading/thinking skills.
  • Evaluate information for reliability, validity, and relevance.
  • Function in a collaborative environment, seeking continuous consultation with others.
  • Interpret and apply laws, regulations, policies, and guidance relevant to the organization’s cyber objectives.
  • Interpret and understand complex and rapidly evolving concepts.
  • Monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.
  • Relate strategy, business, and technology in the context of organizational dynamics.
  • Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of:

  • Computer networking concepts and protocols, and network security methodologies.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Cybersecurity and privacy principles.
  • Cyber threats and vulnerabilities.
  • Specific operational impacts of cybersecurity lapses.
  • Authentication, authorization, and access control methods.
  • Applicable business processes and operations of the bank.
  • Cyber defense and vulnerability assessment tools and their capabilities.
  • Cryptography and cryptographic key management concepts.
  • Data backup and recovery.
  • Database systems.
  • Business continuity and disaster recovery / continuity of operations plans.
  • Organization’s enterprise information security architecture.
  • Organization’s Local and Wide Area Network connections.
  • Security Assessment and Authorization process.
  • Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Risk Management Framework (RMF) requirements.
  • Current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures.
  • Network access, identity, and access management (e.g., PKI, OAuth, OpenID, SAML, SPML).
  • New and emerging information technology (IT) and cybersecurity technologies.
  • System and application security threats and vulnerabilities (e.g., buffer overflow).
  • Systems diagnostic tools and fault identification techniques.
  • Enterprise information technology (IT) architecture.
  • Organization’s enterprise information technology (IT) goals and objectives.
  • Supply Chain Risk Management Practices (NIST SP 800-161).
  • Organization’s core business/mission processes.
  • Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Critical infrastructure systems with information communication technology that were designed without system security considerations.
  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Security architecture concepts and enterprise architecture reference models.
  • Security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Personally Identifiable Information (PII) data security standards.
  • Payment Card Industry (PCI) data security standards.
  • An organization’s information classification program and procedures for information compromise.
  • Controls related to the use, processing, storage, and transmission of data.
  • Application Security Risks (e.g., Open Web Application Security Project Top 10 list).

Skills in:

  • Applying confidentiality, integrity, and availability principles.
  • Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Discerning the protection needs (i.e., security controls) of information systems and networks.
  • Recognizing and categorizing types of vulnerabilities and associated attacks.
  • Interfacing with customers.
  • Conducting reviews of systems.
  • Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Integrating and applying policies that meet system security objectives.
  • Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC).
  • Performing impact/risk assessments.
  • Information prioritization as it relates to operations.
  • Interpreting vulnerability scanner results to identify vulnerabilities.
  • Managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
  • Performing target system analysis.
  • Preparing and presenting briefings.
  • Preparing plans and related correspondence.
  • Prioritizing target language material.
  • Processing collected data for follow-on analysis.
  • Providing analysis to aid in writing phased after-action reports.
  • Reviewing and editing assessment products.
  • Reviewing and editing plans.
  • Tailoring analysis to the necessary levels (e.g., classification and organizational).
  • Target development in direct support of collection operations.
  • Target network anomaly identification (e.g., intrusions, dataflow or processing, target implementation of new technologies).
  • Accessing information on current assets available and their usage.
  • Analyzing strategic guidance for issues requiring clarification and/or additional guidance.
  • Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Job Features

Job Category Customer Service
Job Level Experienced - Non Managerial
Functionality Project Management
Industry Banking
