Information Security Manager (GRC & Governance)

Job type: Full time
Experience: 15+ years
Salary: not mentioned
Location: Egypt

Job details

POSITION SUMMARY:
The Information Security Manager is responsible for establishing, governing, and continuously improving the organization’s information security management framework. The role focuses on security strategy, risk management, policies, compliance, audit readiness, and security assurance across IT and business functions. The Information Security Manager provides independent oversight of security controls implemented by IT Operation team ensuring alignment with regulatory requirements, organizational risk appetite, and industry best practices, without assuming operational ownership of systems or platforms.
DUTIES & RESPONSIBILITIES:
Define, maintain, and continuously improve the Information Security Management System (ISMS) aligned with organizational objectives and regulatory requirements.
Develop and enforce information security policies, standards, and procedures covering identity security, data protection, endpoint security, email security, and cloud and SaaS usage.
Own the information security risk management process, including risk identification, assessment, treatment, acceptance, and periodic review.
Act as the control owner for security governance while ensuring system administration teams remain responsible for technical implementation and operations.
Lead internal and external information security audits (e.g., ISO 27001, data protection audits), ensuring evidence readiness and tracking remediation actions to closure.
Define security control requirements for areas such as Conditional Access, DLP, email security, PKI, logging, and monitoring, without performing day-to-day administration.
Review and formally approve security risk exceptions, compensating controls, and residual risk acceptance in line with approved governance processes.
Establish and monitor security KPIs and KRIs (e.g., risk exposure, policy compliance, audit findings, security awareness effectiveness) and report them to senior leadership.
Oversee security incident governance by defining classification, escalation, communication, and reporting requirements; act in an advisory and assurance role during major incidents.
Coordinate security awareness and training programs to promote secure behavior across users, administrators, and management.
Ensure data protection and privacy requirements are embedded into business processes, applications, and third-party engagements.
Review third-party and vendor security assessments, contractual security clauses, and compliance attestations.
Collaborate with the IS&T Operations Team to validate that implemented controls meet defined security standards.
Maintain security documentation including policies, risk registers, audit reports, and management review outputs.
Provide independent security advice to leadership on emerging threats, regulatory changes, and security improvement initiatives.
QUALIFICATIONS REQUIRED:
Bachelor’s degree in information security, Computer Science, Information Systems, or related field. Professional security certification preferred (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor).
15+ years of experience in information security, IT risk management, or security governance roles, with at least 3–5 years in a managerial or senior security oversight position.
Experience with GRC platforms (risk registers, audit tracking, policy management).
Experience with security reporting and dashboarding tools.
Familiarity with SIEM, DLP, IAM, endpoint, and email security technologies.
Experience with documentation and evidence management tools.
