InfoSec Risk Consultant

New Cairo, Egypt


  • Develop and update annual Information Security RCSA review for Information Security function in FAB Egypt.
  • Perform annual information security review for the IT infrastructure and applications.
  • Maintain technology risk registers on Archer and ensure identified risks are remediated according to security guidelines.
  • Act as second eye and checker for IT-RCSA reports to support other functions.
  • Coordinate with third party assessors to maintain Risk Assessment reports to support bank accreditation (PCI-DSS, ISO 27K, ISO 22301K, etc.) and Attestation.
  • Coordinate with IT for risk control self-assessment of IT service catalogue services, including defining, monitoring and measuring KPIs and KRIs.
  • Coordinate with Internal, external, and regulatory auditors for security risk management domain.
  • Review IT concept design, solution design, applications, and documents to identify security risks.
  • Perform Technical Risk Assessment activities on major infrastructure changes/ IT Projects to ensure that mandatory controls are implemented.
  • Coordinate with SOC team to identify and escalate unauthorized changes to critical IT assets performed by IT. Escalate violations to disciplinary actions.
  • Review project BRD documents, ensuring that Information Security is a primary stakeholder in business projects and that project implementation follows Bank Information Security & BC standards and is aligned with CBE regulations.


Requirements

  • University degree and minimum experience of 4-9 years in the field of information security.
  • Experience of risk assessment methodology and approaches according to international standards, best practices, and frameworks.
  • Knowledge of organizational processes and procedures.
  • Background and experience in Cybersecurity and risk management.
  • Knowledge and experience of Cybersecurity controls and best practices.
  • Ability to conduct risk assessments to identify gaps, recommend required controls and monitor treatment actions.
  • Hands-on experience with Governance, Risk, and Compliance tools.
  • Very good command of the English language.
  • Adequate knowledge of local and international information security standards, e.g. CBE regulation, ISO27001, PCI-DSS 3.2.1, NIST.
  • Good analytical skills.
  • Project management skills.
  • Experience in banking operations.
  • Preferred certifications: CRISC, CISSP, ISO27001LA/LI.

 




Tags: Banking CISSP Compliance CRISC Governance ISO 27000 ISO 27001 IT infrastructure KPIs NIST Risk assessment Risk Assessment Report Risk management SOC

Region: Middle East
Country: Egypt
