Maintain deep knowledge of risk mitigation principles and techniques from international risk and security standards, and manage compliance with those standards and regulations, including ISO 27001, ISO 27005, NIST, PCI DSS, and other frameworks.
Conduct technical risk assessments and communicate the findings in a simple, clear, and concise manner to the various communities within our organization.
Develop the required Information Security controls and policies to support the organization's governance and compliance objectives.
Assist with analysis and documentation of audit remediation actions related to Information Security.
Drive development of use cases and business requirements in close partnership with cross-functional stakeholders (GRC, Security, Privacy, Audit, Compliance, etc.) to fulfill all applicable solution needs.
Employ business analysis and solution skills to interpret business requirements and impacts, ensuring that the optimal tooling strategies are identified, designed, and implemented to meet business needs.
Review the technical design and SDLC documentation with the technical experts to ensure that controls and policies are implemented as intended.
Provide guidance and share best practices for design and implementation of the GRC platforms.
Partner with different teams on proactive compliance risk management: identification, assessment, risk action planning, and closure.
Conduct employee awareness sessions, assist in developing training materials, and where necessary assist with specific training.
Job Requirements
Minimum of a bachelor's degree or equivalent in information technology, computer science, or a related field.
The ability to work across multiple frameworks and regulatory standards including, but not limited to: NIST, PCI, ISO, and GDPR.
Experience with information security frameworks and standards as well as risk management processes is a must.
Experience performing information security audit processes or risk assessments.
Expertise with security policy development, deployment, and adoption acceleration.
Holding any of these certifications: CISSP, CISM, CRISC, or CCISO.
Minimum 7 years of relevant experience.
Languages:
- English: Excellent command (speaking, reading, and writing).
- Arabic: Native command (speaking, reading, and writing).