1.Recommend changes to policies and procedures based on changes to regulations, standards or best practices ensuring that any security mandates are adequately implemented and reported such as ISO, PCI, SWIFT, CBE regulations, and other applicable standards.

2.Conduct the annual review and update of the area’s processes, procedures with the adherence to the developed SLAs.

3.Coordinate with third parties for any planned/unplanned security testing/ assessments or reviews and ensure smooth communication and effective process are taking place to cover and achieve the defined assessment scope (ex: penetration testing).

4.Recommend and coordinate with the Security Operations Center for the security compliance monitoring requirements as needed such as File Integrity Monitoring, Database Activity Monitoring and others.

5.Ensure maintenance of all needed documentation supporting security compliance requirements, and audit issues for ongoing tracking and documentation.

6.Participate in Secure Development and Acquisition life cycle process to assess and identify areas of concern from security compliance perspective in line with regulations, standards and best practices.

7.Review and ensure the semi-annual firewall reviews are conducted to ensure compliance with PCI, Swift standards and the developed security policies.

8.Develop the necessary compliance use cases to support the different security controls and compliance requirements and communicate violations to the relevant teams.

9.Maintain an inventory of all outstanding compliance issues and ensure ongoing tracking till closure and reporting the same is the respective KPIs and management dashboards.

10.Maintain annual compliance with the different standards such as ISO27001, PCI-DSS, Swift CSP, etc. on the certified scope.

11.Liaise with the different IT Teams to develop standard configuration and baselines for IT Infrastructure and Platforms aligned with industry best practices and standards.

12.Conduct periodic reviews against the approved baselines and ensure closure of all identified gaps.

Qualifications & Experience

Bachelor degree in Engineering, Computer Science, Information Security or equivalent.

Officer: Minimum 4 - 6 years of experience in IT Security, Risk or Compliance

Senior Officer: Minimum 6-8 years of experience in IT Security, Risk or Compliance

Governance, Risk and Compliance background/knowledge

Recommended Certifications:

oISO 27001:2013 Lead Auditor

oCertified PCI-DSS Professional

oEC Council – CEH

Skills

Very good command of English and Arabic languages

Very good Analytical skills

Very good Time management

Very good Teamwork Spirit

Very good Negotiation skills