Senior Cyber Security – GRC Engineer

October 21, 2023

Job Description

JOB PURPOSE:

This is a hands-on Governance, Risk and Compliance (GRC) expert role within the Cyber Security team of the newly established Cyber Security Department. You will partner with the Cyber Security manager, applying your domain knowledge to move the company through the security maturity stages.

RESPONSIBILITIES/DUTIES

• Delivery of Information Security GRC management and processes that develop with the Security Strategy.

• Creation, implementation, and monitoring of information security policies, processes, exceptions, and change management requests assessment to automate and continuously monitor information security controls, risks, testing and incidents.

• Develop and maintain a risk register and a risk management framework.

• Perform end-to-end IT solutioning/workflow risk assessment to identify potential risks and propose mitigation solutions.

• Schedule regular assessments and testing of the effectiveness and efficiency of controls, and create security metrics & dashboards.

• Ensure that requirements in the IT Audit, Standard, Policy, Compliance and Risk controls are met or have a clear plan to achieve them.

• Update security controls and provide support to all stakeholders on internal assessments, laws and regulations.

• Responsible for Third Party Risk Management (review of NDA, SLA, SOC Type II reports).

• Perform and investigate internal and external information security risk and exception assessments.

• Coordinate with Infrastructure and applications team to implement identified controls, policies, and procedures.

• Develop information security awareness materials to be sent to all employees.

• Remain current on best practices and technological advancements and act as the College’s technical resource for security assessment and regulatory compliance.

• Perform other related duties as assigned.

ESSENTIAL QUALIFICATIONS, KNOWLEDGE & EXPERIENCE

QUALIFICATIONS:

• Bachelor’s degree in Computer and Information Science, Engineering, or related field.

• Fluent in English (spoken and written)

• Security Certifications – such as:

Certified in Risk and Information Systems Control (CRISC).

ISO 27001 Lead Implementer / Auditor.

RATP DEVELOPPEMENT MOBILITY CAIRO – Operation and Maintenance

• Ability to understand and assess technology systems and applications from both a technical and business function perspective.

• Ability to communicate business and technical risk to all levels of the audience.

• Ability to present security topics to a non-technical audience.

• A good understanding of IT networking and access management concepts.

• Willing to cross-train, do job rotation and take on responsibility in other security domains.

KNOWLEDGE:

• Knowledge of Information Security Risk management processes & assessment (ISO27005).

• Familiarity with Third Party Risk Management, External and internal Audit.

• Strong demonstrated knowledge of Business Continuity Plan and Disaster Recovery Plan.

EXPERIENCE:

• Must have 3 – 5 years of work experience related to most of the Cyber Security areas.

• Experience implementing security policies and procedures within a multinational organization is a MUST.

DESIRED BEHAVIORS

• Assertive

• Self-Assured

• Enthusiastic

• Attentive to detail

• Open-minded about exploring security initiatives