Enterprise Security GRC & Architecture Manager

JOB PURPOSE:

  • Manage the Etisalat Misr Enterprise Security Governance, Risk & Compliance team to ensure it keeps track of Etisalat Misr security risk and enterprise security posture and enhances our security controls.
  • Day-to-day tasks include performing security audits and risk assessments, developing and maintaining the Min. Security Baseline, and performing periodic security assessments for Etisalat Misr services and projects.
  • Participate in maintaining and enforcing the Etisalat Misr Information Security Management System (ISMS).

 

KEY ACCOUNTABILITIES:

Security Risk Management:

  • Maintain and operate risk management frameworks and program.
  • Communicate risk assessment findings and help system custodians tackle the risk and decide on a proper risk mitigation strategy
  • Keep track of identified risks and perform periodic analysis to re-evaluate the risk and action
  • Suggest corrective actions to the Information Security Management and re-evaluate on a periodic basis as per the risk management plan
  • Assist Technology and Control through risk assessment cycle to ensure proper effectiveness
  • Document and follow Etisalat Misr Risk Registry and Security Assessment folder procedure
  • Bridge the gap between the business and technical sides in describing risks and impact, to assist the business in taking correct decisions concerning risk mitigations
  • Conducts impact analysis to ensure resources are adequately protected with proper security measures
  • Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations
  • Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures

 

Security Governance:

  • Develop and Maintain security standards (MBSS), IS policies and procedures.
  • Develop, Plan and Operate Security Awareness Program for Etisalat Misr.
  • Perform Security Awareness Program for Etisalat Misr.
  • Study Security Industry Best Practice that suits Etisalat Misr or is needed for Business.
  • Monitor & Perform measurement and analysis on the Enterprise Security Controls and Information Security Performance and effectiveness
  • Assist in decision-making for more appropriate investment in security by providing proper analysis and reporting
  • Interact with internal & external departments & regulatory entities to collect regulatory or requests and provide Enterprise Security requirements to other entities.

 

Security Compliance & Audit:

  • Audit and enforce IS policies & security standards (MBSS).
  • Ensure implementation of security policies, controls and their compliance and escalate critical security events, if necessary
  • Develop and maintain the Audit Security Configuration Standard.
  • Centralize and track the audit findings, ensure re-audit in a timely manner, and escalate in case of delays
  • Conduct regular and ad-hoc Security Audits
  • Follow the Audit and Compliance Calendar timeline
  • Ensure the maintenance and continuity of Etisalat Misr Compliance programs
  • Keep up to date with the compliance standards, their changes and the cause of change
  • Consolidate the compliance effort and establish a business-as-usual effort for compliance.

 

Security Architecture:

  • Conduct regular and ad-hoc security reviews.
  • Assist in designing the Security solutions to protect IT telecom, ISP System along
  • Review new projects and ensure that current risk will not impact or be revaluated by these new projects.
  • Develop a security review folder for new projects and integrate it with the risk management program
  • Review Demand Requests and New Projects Impacting Etisalat Security

 

 

 

QUALIFICATIONS AND EXPERIENCE:

 

Qualifications:

Essential

  • Bachelor’s degree in Engineering, Computer Science or relevant discipline.
  • Specialized Studies in Information/Cyber Security & IS Management Systems (Diploma, Masters, GSEC 401, CISM)
  • Hands-on & Knowledge in performing Information Security Audits
  • Hands-on & Knowledge in risk Assessments methodologies and hands-on building a risk management framework for enterprise
  • Hands-on & Knowledge Security Testing & Assessments (Application, Network & System Security)
  • Knowledge in Security Technical Controls (FW, IPS, SIEM, AV, DLP, etc.)
  • Hands-on Constructing MBSS (Min Baseline Security Standards)
  • Good Presentation and communication Skills
  • Good Documentation skills
  • Excellent Computer skills, MS Visio & MS office.
  • Excellent in Arabic & English (Reading, Writing & Oral).

Desirable

  • Knowledge Network and System administration
  • Hands-on in Security Technical Controls (FW, IPS, SIEM, AV, DLP, etc.)
  • Hands-on Penetration Testing (Network, Application & Systems)
  • Project Management

 

 

Experience:

Essential

  • Information Security Testing and Risk Assessment.
  • Security Compliance & Configuration Security Auditing.
  • Governance & Information Security Management Frameworks
  • Working experience in ICS or similar environments
  • Minimum of 5 years of related working experience

 

 

Desirable

  • Security Technology Implementations or Operations
  • Hands-on Penetration Testing (Network, Application & Systems)
  • Incident Handling & Forensic
  • Project or Service Management
  • Information Security certification is required.