Egyptian Banks Company
WebsiteSenior Specialist, Information Security - Governance
Job description
- Apply defense-in-depth concepts and information security controls (Administrative, Technical, Physical, Operational, Deterrent, and Compensating controls) within day-to-day security activities.
- Support compliance activities related to information security frameworks and standards such as PCI TSP, PCI PIN, SOC2 Type II, and ISO27001.
- Perform PCI-DSS control activities and execute the relevant periodic compliance tasks.
- Support the implementation of controls under the CBE Cyber Security Framework.
- Manage and track different audit missions and provide the needed support to stakeholders in the remediation plan.
- Develop and review information security and corporate policies and processes to ensure alignment with information security standards and regulations.
- Execute and support the information security awareness program, including security awareness trainings, phishing simulation campaigns, and security awareness sessions.
- Assess new user access requests and review existing access permissions against the least privilege and need-to-know principles.
- Support information security assurance activities and risk management practices.
- Bachelor's degree in engineering, computer science or equivalent
- +5 years of relevant experience
- Reasonable knowledge of defense-in-depth and information security controls (Administrative Controls, Technical Controls, Physical Controls, Operational Controls, Deterrent Controls, Compensating Controls).
- Reasonable knowledge of information security compliance frameworks and standards such as PCI TSP, PCI PIN, SOC2 Type II, ISO27001, PCI PIN.
- Strong knowledge of PCI-DSS, including the controls and relevant periodic activities.
- Strong knowledge of the CBE Cyber Security Framework, including control implementation.
- Strong knowledge of the information security awareness program, including security awareness trainings, phishing simulation campaigns, and security awareness sessions.
- Strong knowledge of user access governance, including assessing new user access requests and reviewing existing access permissions against the least privilege and need-to-know principles.
- Basic knowledge of information security assurance activities and risk management practices.


