
INFORMATION SECURITY CONTROLS & GOVERNANCE MANAGER-(260000N1)
1. Ensure proper management of the Information Security Controls and Governance resources to support ongoing business initiatives from a security controls and governance perspective, ensuring the development of the necessary security access matrix mapped to the staff’s job titles and business activities.
2. Develop and monitor the Information Security Controls and Governance Area’s Key Performance Indicators and ensure adherence to them. This includes monitoring the TAT and SLAs for handling the different access management requests, in addition to the KPIs & KRIs related to the periodic Security Controls reviews and assessments.
3. Ensure the annual review and update of the Information Security Controls and Governance area processes and procedures, with the development of SLAs and adherence to them.
4. Manage and oversee the implementation of the Data Classification & Protection program to ensure a proper classification framework is defined that helps classify and protect the bank’s crown jewels and critical information assets. This includes maintaining the controls necessary to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personally Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data.
5. Ensure proper, timely tracking and closure of open (internal/external) audit issues.
6. Manage and oversee the Identity Access Management and Governance program to ensure proper governance of identities during the employment life cycle of all personnel in accordance with the security requirements and policies, including the development of the applications’ security matrix.
7. Manage and oversee the implementation of the Security Controls and Governance roadmap to ensure the planned reviews are conducted at the predefined frequencies and the identified gaps are closed in a timely manner. Ensure access rights certification campaigns are conducted over the different bank systems to validate the current access rights granted to employees, and ensure proper enforcement of the actions identified as an outcome of the campaigns.
8. Handle and manage exceptions and escalations to ensure proper support and alignment are in place between the Information Security Controls and Governance area and the different stakeholders. This includes resolving communication conflicts to ensure a streamlined process is in place.
9. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues arising from internal/external audit, independent assessments and reviews as applicable, and ensure a proper tracking mechanism is in place in coordination with the relevant stakeholders.
10. Ensure proper enforcement of the developed security policies and controls, including the Physical and Environmental Security Policy, Human Resources Security Policy and Information Governance Policy. This is in addition to the URL Filtering and Internet Access Policies as well as the Data Loss Prevention Policies.
11. Ensure adherence to the defined security controls operating model to support the different security controls requirements, and communicate violations to the relevant teams. This includes managing the different security controls approvals (Removable Media Access, Remote Working Access, Internet Access, External Email Access, EMM, etc.), ensuring adherence to the set SLAs and TAT.
12. Assess and take the necessary actions on the different policy violations identified through the Privileged Access Management, Security Monitoring Tools such as NexThink, DLP, or through the ongoing SOC monitoring and reporting.
Qualifications & Experience
Bachelor’s degree in Engineering, Computer Science, Information Security or equivalent.
Minimum 8 - 10 years of experience in IT, Information Security, Risk Analysis and/or Governance and Compliance.
Recommended Certifications
- SANS Global Information Assurance Certification (GIAC)
- CRISC
- ISO 27001:2013 Lead Implementer
- CISM
Skills
Very good command of English and Arabic languages
Very good Management and leadership skills
Very good Negotiation skills
Excellent Communication skills
Egypt-Giza-SMART VILLAGE BLDG. 3
Back Office
FINANCE, STRATEGY, OPERATIONS & TECHNOLOGY
Day Job
Job Type: Full-time Employee
No

Commercial International Bank was established in 1975 as a joint venture between the National Bank of Egypt (NBE, 51%) and the Chase Manhattan Bank (49%) under the name “Chase National Bank of Egypt”. Following Chase's decision to divest its equity stake in 1987, NBE increased its shareholding to 99.9%, changing the Bank’s name to Commercial International Bank (Egypt) S.A.E. NBE’s stake gradually decreased through several public offerings until it reached 18.7%. In 2006, a consortium led by Ripplewood Holdings acquired NBE’s stake. In July 2009, Actis, a leading emerging markets private equity firm, invested US$ 244 million to get shares in CIB, thereby acquiring 50% of the Ripplewood Holdings Consortium’s stake. Five months later, Ripplewood sold its remaining 4.7% stake over the open market, marking the successful transition of the strategic partnership to Actis, which then became CIB’s largest shareholder with a 9.1% stake. In March 2014, Actis sold a portion of its holding, representing 2.6% of the Bank’s total outstanding shares, in the open market to a group of international investors. In May 2014, Actis successfully realised its investment in CIB and sold its remaining 6.5% to subsidiaries wholly owned by Fairfax Financial Holdings Ltd (“Fairfax”).
CIB is Egypt’s leading private sector bank, offering a broad range of financial products and services to its customers, including enterprises of all sizes, institutions, households and high-net-worth individuals. CIB strives to provide superior financial solutions to meet all customers’ needs. Having the strongest brand equity rightfully places CIB as the bank of choice for over 500 of Egypt’s largest corporations. CIB shows tremendous potential within the burgeoning Retail and SME Banking markets. Through its superior management, high operating standards, corporate governance best practices and training programs, CIB has succeeded in becoming the most profitable commercial bank operating in Egypt for more than 40 years.