Job Description SECURITY RISK OFFICER - ( 240001PH )
Description
Description:
1. Perform directly to rollout independent Security Risk Assessments in the following scenarios:
a. Reviews of First Line Function effectiveness for Security Risk controls
b. On demand following security incidents, project changes, etc.
2. Assist risk owners on design & implementation of Security Risk Remediation Plans by providing expertise (Technical, functional and procedural) and provide guidance for risk based decisions.
3. Identify and validate Security Risks upon reviewing, Security Risk Notes, Security Incidents or cyber-attacks and contribute to their associated action plans to mitigate the same.
4. Handle all of the Security Risk Management Activities including but not limited to reviewing & qualifying the different risk notes and ensuring the relevant updates are reflected in the central risk register, communicating and notifying risk owners with relevant security risks, coordinating with the relevant stakeholders on the different risk remediation plans.
5. Update the different Security & Technology Risk Management Documentation Corpus
6. Assessment of metrics and Key Risk Indicators breaches to monitor the effectiveness of the controls and ensure proper risk mitigation.
7.
8. Assist in defining, maintaining and enriching Security Risk Managements’ Metrics, Taxonomy and Severity Scale as well as proficiently practice Security Risk Management techniques, methods and tools that were designed to ensure that all Security risks are adequately captured and managed. Moreover, prepare training materials and carry out communications activities in alignment with relevant stakeholders in order to improve mindset and knowledge.
9. Track and follow up with 1st Line of Defense of the Security risks, which are still under assessment in the centralized risk register.
10. Assist in reviewing the different risk treatment plans related to Security Risk Management in cooperation with relevant stakeholders prior submitting to the relevant committees, to ensure effective response to identified security risks
Qualifications
Qualifications:
§ Bachelor of Engineering, Computer Science, Information Technology or its equivalent.
§ For Officer 3 – 5 years in IT Security, Information Security, SOC, Information Technology, internal or external IT audit or a related discipline with Risk Management background.
§ For Senior Officer 5 – 8 in IT Security, Information Security, SOC, Information Technology, internal or external IT audit or a related discipline with Risk Management background.
§ Good knowledge of the Banking business environment, security & technology controls and Risk Management.
§ Experience in similar role such as a cybersecurity analyst or in security architecture (confidentiality, authentication, identity and access, standards, policies, intrusion detection, security perimeter, etc.) is required.
§ Knowledge & experience with at least one of the Risk Management Framework: ISO31K, FAIR.
§ Knowledge & experience with at least one of the Cybersecurity Best Practices: ISO27001, NIST.
§ Recommended relevant industry certifications in cybersecurity, including but not limited to:
· Risk Manager ISO 27005
· ISMS ISO 27001 Lead auditor or Lead Implementer
· Certified Information Systems Security Manager (CISM)
· Certified Information Systems Security Professional (CISSP)
· Certified Information System Auditor (CISA)
Primary Location
: Egypt-Giza-SMART VILLAGE BLDG. 2
