Location: Cairo, Egypt (100% On-Premise)
Contract Duration: 6 Months (Extendable)
Employment Type: Contract
About us:
Where elite tech talent meets world-class opportunities!
At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today’s most complex challenges.
Join one of Egypt’s premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery.
This role exists to accelerate the information security compliance posture across IT and Digital Transformation. The specialist acts as the InfoSec function's technical compliance arm—tracking, evidencing, and reporting on remediation progress against CBE Cybersecurity Framework requirements, PCI DSS obligations, and internal control commitments. The role also leads and executes assurance exercises, either directly or by scoping and managing third-party security assessment engagements.
A. IT & Digital Transformation Compliance Follow-Up
• Maintain a live compliance tracker across all active CBE Cybersecurity Framework control domains (IAM,
PAM, GRC, Container Security, and others).
• Conduct regular technical walk-throughs with IT and Digital Transformation teams to validate
implementation status and close evidence gaps.
• Escalate risks and blockers to the Head of GRC and CISO with clear risk-quantified language suitable for
Risk Committee reporting.
• Map remediation actions to OKR key results and track delivery against agreed timelines.
• Prepare compliance status reports in a format suitable for senior management and regulatory audiences.
B. PCI DSS Engagement Lead
• Own the end-to-end PCI DSS engagement cycle — scoping, gap assessment, remediation tracking, QSA
coordination, and Report on Compliance (RoC) or Self-Assessment Questionnaire (SAQ) readiness.
• Coordinate across IT, Operations, and Digital to ensure cardholder data environment (CDE) controls are
implemented, evidenced, and maintained.
• Manage the relationship with the appointed Qualified Security Assessor (QSA) and act as the internal
point of contact throughout the assessment cycle.
• Drive closure of PCI DSS findings and build a compensating controls register where technical controls are
not yet feasible.
• Maintain PCI DSS documentation library including network diagrams, data flow diagrams, asset inventory,
and policies relevant to the CDE.
C. InfoSec Assurance Exercises
• Plan and execute assurance activities including control testing, configuration reviews, access reviews,
and policy compliance spot checks.
• Scope, procure, and manage third-party security assessment vendors where specialized assessment
capability is required (e.g., penetration testing, red team exercises, cloud security reviews).
• Produce clear assurance reports with risk-rated findings, business impact statements, and prioritized
remediation recommendations.
• Track finding remediation to closure and validate effectiveness of corrective actions.
• Coordinate with the InfoSec Control Validation Manager to align assurance outputs with
broader control validation programme.
Requirements
• Minimum 7 years of information security experience, with at least 3 years in a banking or financial
institution.
• Hands-on PCI DSS experience — must have participated in or led at least one full RoC or SAQ-D
assessment cycle.
• Deep knowledge of CBE Cybersecurity Framework requirements and Egyptian regulatory context.
• Experience conducting technical compliance gap assessments across IT infrastructure, network, and
application layers.
• Strong written and verbal communication skills in both Arabic and English.
Preferred Certifications
• CISA — Certified Information Systems Auditor
• PCIP or PCI ISA — PCI Internal Security Assessor
• ISO 27001 Lead Auditor
• CISM — Certified Information Security Manager
Preferred Experience
• Prior experience in an Egyptian bank or financial institution operating under CBE oversight.
• Familiarity with GRC tooling (RSA Archer, ServiceNow GRC, or equivalent).
• Experience working with external auditors, QSAs, and regulators.
Benefits
Xenon7 delivers specialized AI operations, AI products and services. Our innovation practice helps you separate initiatives warranting business investment from hype. We operate free from the bloat, weight and pyramidal structure of legacy consulting firms. Xenon7 enables our clients to make better human and technology decisions, and ethically achieve more with less.
