Job Description

Location: Cairo, Egypt (100% On-Premise)

Contract Duration: 6 Months (Extendable)

Employment Type: Contract

About us:

Where elite tech talent meets world-class opportunities!

At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today’s most complex challenges.

About the Client:

Join one of Egypt’s premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery.

This role is responsible for designing, building, and running information security awareness and engagement

programme from the ground up. It is not a content creation role. It is a programme lead role — combining

marketing strategy, internal communications, vendor management, and behavioural change to shift the security

culture across the bank. The lead owns the full programme: strategy, calendar, content, delivery, vendor sourcing,

measurement, and executive reporting.

Key Responsibilities:

A. Programme Strategy & Design

• Design a holistic, annual InfoSec Awareness Programme covering all staff segments — branch

employees, operations, technology, management, and executives.

• Segment the audience and tailor content and delivery methods per segment: role-based risks, language

level, digital literacy, and regulatory obligations.

• Apply behavioural science principles (nudge theory, social proof, loss aversion) to design campaigns that

change behaviour, not just increase awareness scores.

• Map programme activities to security pillars, CBE Cybersecurity Framework culture requirements, and

PCI DSS awareness obligations.

• Define programme KPIs: phishing simulation click rates, training completion rates, awareness survey

scores, and reported incident rates by staff.

B. Communication & Marketing Execution

• Produce and distribute security awareness communications across channels: email newsletters, intranet,

digital signage, branch posters, and leadership messages.

• Write copy and design briefs that translate technical security concepts into plain, compelling business

language — Arabic and English.

• Partner with Marketing function to ensure awareness materials align with the bank's brand guidelines and

STEP strategy visual identity.

• Build and maintain an annual awareness calendar aligned to global events (Cybersecurity Awareness

Month, Safer Internet Day, World Password Day) and internal milestones.

C. Interactive Activities & Vendor Management

• Source, evaluate, and manage vendors delivering awareness platform services (e.g., KnowBe4,

Proofpoint Security Awareness, Terranova, or equivalent).

• Design and run phishing simulation campaigns: configure scenarios, set difficulty progression, manage

employee follow-up training, and report results.

• Deliver interactive awareness sessions including workshops, tabletop scenarios, gamified learning,

escape room formats, and lunch-and-learn events.

• Organise executive and board-level awareness sessions tailored to cyber risk and governance — these

require different content and delivery than general staff campaigns.

• Manage vendor SLAs, budgets, and delivery quality for all third-party awareness service providers.

D. Measurement & Reporting

• Track programme performance metrics monthly: training completion, phishing click rates, awareness

survey results, and engagement channel reach.

• Report quarterly to the Head of Engagement and CISO with trend analysis, benchmark comparisons

(industry and Egyptian banking sector), and programme adjustments.

• Feed phishing click rate KRI data into the InfoSec KRI dashboard for board-level risk reporting.

• Conduct an annual security culture survey and produce a report with year-on-year trend and action plan.

Requirements

• Minimum 6 years of experience across information security, internal communications, or digital marketing

— with at least 3 years specifically in security awareness programme management.

• Proven track record designing and running a security awareness programme in a financial institution —

must be able to show measurable outcome improvements (e.g., phishing click rate reduction, training

completion uplift).

• Strong Arabic and English written communication skills — content writing is a core part of this role.

• Experience managing awareness platform vendors and phishing simulation tools.

• Understanding of PCI DSS Requirement 12.6 (security awareness education) and CBE

culture/awareness obligations.

Preferred Certifications

• SANS Security Awareness Professional (SSAP)

• CompTIA Security+ or equivalent foundational security qualification

• CIM Certificate/Diploma in Professional Marketing or equivalent marketing qualification

Preferred Experience

• Experience in Egyptian banking or Arabic-language corporate communication environments.

• Familiarity with KnowBe4, Proofpoint Security Awareness Training, or Terranova platforms.

• Experience delivering executive and board-level security briefings.

• Background in instructional design or adult learning principles.

Benefits

• Attractive, market-leading salary package
• Clear career advancement path with professional development opportunities