Job Description - INFORMATION SECURITY CONTROLS & GOVERNANCE MANAGER (240001ZC)
Job Description
INFORMATION SECURITY CONTROLS & GOVERNANCE MANAGER - ( 240001ZC )
Description
1. Ensure proper management of the Information Security Controls and Governance resources to support ongoing business initiatives from a security controls and governance perspectives, ensuring the development of the necessary security access matrix mapped to the staff’s job titles and business activities.
2. Develop and Monitor the Information Security Controls and Governance Area’s Key Performance Indicators and ensure adherence to the same. This includes monitoring of the TAT and SLAs of handling the different access management requests. In addition to the KPIs & KRIs related to the Security Controls periodic reviews and assessments.
3. Ensure the annual review and update of the Information Security Controls and Governance area processes and procedures with the development and adherence to the developed SLAs.
4. Manage and oversee the implementation of the Data Classification & Protection program to ensure proper classification framework is defined that helps classify and protect the bank’s crown jewels and critical information assets. This includes maintaining the controls necessary to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personal Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data.
5. Ensure proper timely tracking and closure of open (internal/External) audit issues.
6. Manage and oversee the Identity Access Management and Governance program to ensure proper governance of identities during the employment life cycle of all personnel in accordance with the security requirements and policies. including the development of the applications’ security matrix.
7. Manage and oversee the implementation of the Security Controls and Governance roadmap to ensure the planned reviews are conducted as per the predefined frequencies as well as the closure of the identified gaps in a timely manner, and ensure conducting access rights certification campaigns over the different bank systems to validate current access rights granted to employees, and ensure proper enforcements of actions identified as an outcome of the campaigns.
8. Handle and manage exceptions and escalations to ensure proper support and alignment is in place between Information Security Controls and Governance area and the different stakeholders. This includes resolving communication conflicts to ensure a streamlined process is in place.
9. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues driven from internal/external audit, independent assessments and reviews as applicable, and ensure proper tracking mechanism is in place in coordination with the relevant stakeholders.
10. Ensure proper enforcement of the developed security policies and controls including Physical and Environmental Security policy, Human Resources Security Policy, Information Governance Policy. This in addition to the URL Filtering, Internet Access Policies as well as the Data Loss Prevention Policies.
11. Ensure adherence to the defined security controls operating model to support the different security controls requirements and communicate violations to the relevant teams. This includes managing the different security controls approvals including (Removable media access, Remote Working Access, Internet Access, External Email Access, EMM, etc..) ensuring adherence to the set SLAs and TAT.
12. Assess and take the necessary actions towards the different policies’ violations identified through the Privileged Access Management, Security Monitoring Tools such as NexThink, DLP or through the on-going SOC monitoring and reporting.
Qualifications
Qualifications & Experience
Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent.
Minimum 8 - 10 years of experience in IT, Information Security, Risk Analysis and / or Governance and Compliance
Recommended Certifications
o SANS Global Information Assurance Certification (GIAC)
o CRISC
o ISO 27001:2013 Lead implementer
o CISM
Skills
Very good command of English and Arabic languages
Very good Management and leadership skills
Very good Negotiation skills
Excellent Communication skills
Primary Location
: Egypt-Giza-SMART VILLAGE BLDG. 3
Job
: Back Office
Organization
: COO
Shift
: Day Job Job Type : Full-time Employee
Refer a friend for this job
Tell us about a friend who might be interested in this job. All privacy rights will be protected.
