42 Cyber Risk Management jobs in Egypt

Innovation Hub I Cyber Security I Risk Management Tech Lead, Cairo, Egypt

New
EGP120000 - EGP240000 Y Deloitte

Posted today

Job Description

Deloitte Innovation Hub | Cybersecurity | Risk Management Tech Lead, Cairo, Egypt.
Connect to your career at Deloitte
Deloitte, established globally in 1845, is the world's largest and leading professional services firm, providing Audit & Assurance, Tax & Legal and Consulting and related services to public and private clients spanning multiple industries. Present in more than 150 countries, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.

Deloitte Innovation Hub (DIH) is a strategic initiative established by Deloitte North & South Europe (NSE) to support our ambition to become the leading business transformation partner of choice for our clients and to expand and scale our delivery footprint across EMEA. With access to a scaled, diverse, highly skilled, motivated, and engaged workforce, DIH is delivering complex technical solutions for clients' most complex business problems, across portfolios that include 'Strategy & Transactions', 'Customer', 'Engineering, AI & Data', 'Enterprise, Technology & Performance' and 'Cyber'. DIH is aiming to become the destination for top talents in Egypt for a long, exciting career.

We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.

Connect to your opportunity
As a Third-Party Cyber Risk Management Senior Consultant, you can expect to be involved in the following:

Responsibilities

  • Conduct cybersecurity and data privacy controls assessments on third parties and vendors in line with industry, regional and international best standards and regulations, e.g. NIST CSF, ISO 27001, UAE-NESA and Information Security Regulation (ISR), GDPR and UAE PDPL.
  • Coordinate scheduling, evidence collection and responses with the third-party point of contact. Collect and review control evidence and analyze third-party information and data.
  • Review independent assurance reports and certifications (e.g. SOC1&2, ISO27001).
  • Support contract reviews and negotiations over cybersecurity requirements and clauses by working closely with procurement and legal teams.
  • Perform risk assessments and evaluate inherent and residual cybersecurity risks. Analyze the likelihood and potential impact of identified risks using qualitative and quantitative methods.
  • Determine adequate treatment plans for identified risks and control gaps, detailing findings, recommendations, and mitigation strategies.
  • Develop action plans and timelines for implementing risk controls and track remediation plans to reduce identified risks and close control
  • Collaborate with stakeholders and relevant business departments to implement risk mitigation plans and actions.
  • Maintain and monitor a third-party cybersecurity risk register for the whole organization.
  • Monitor and support in remediation activities and work with the third party to ensure findings are being remediated appropriately. Ensure all third-party cybersecurity risk management processes and SOPs are being adopted.
  • Ensure all technology integrations for the cybersecurity third party program are working effectively and technical issues are identified and resolved with respective technical teams.
  • Track key performance and risk indicators (KPIs, KRIs) to measure program performance and risk reduction over time.
  • Manage risk assessment tools and GRC solutions to support third party cybersecurity controls and risk assessments, as well as calculate risk levels and prioritize areas of concerns.
  • Administer and maintain technology platform and solutions utilized to perform third party cybersecurity and data privacy assessments.
  • Prepare and maintain documentation, including policies, procedures, standards, and guidelines that support the third-party cyber risk management framework.
  • Develop third party cybersecurity risk reports and dashboards using tools such as PowerBI.
  • Communicate and present findings to stakeholders, management, and regulatory bodies as required.
  • Liaise with key departments (e.g. Procurement, Legal, HR, operations) to address specific cybersecurity third party risk matters.
  • Conduct root cause analysis for identified cybersecurity incidents relating to third parties and work with threat and incident response teams to evaluate risks and prevent future occurrences.
  • Develop and deliver training materials to educate employees and business stakeholders on identifying and managing third party risks.
  • Research and integrate best practices for risk management within the industry and implement it in day-to-day operations to ensure continuous improvement.

Connect to your opportunity
In this role, you will play a crucial part in our comprehensive managed service to clients, focusing on essential daily operations.

  • Key Management: You will oversee the secure generation, distribution, storage, and rotation of encryption keys, ensuring the protection of sensitive transaction and card data and maintaining the integrity of payment systems.
  • Key Ceremony Preparation: You will prepare the key ceremony, where new cryptographic keys are generated, loaded and exported, using automated tools on a monthly basis to ensure precision and efficiency.
  • Practical Arrangements: You will handle all practical arrangements necessary for key management and key ceremonies, ensuring that everything runs smoothly.
  • Monthly Reporting: You will provide monthly reports to the client regarding our service level agreement (SLA) commitments, ensuring transparency and accountability.
  • Policy and Process Improvement: You will keep policies and standards up to date while continuously improving and optimizing our processes and procedures to enhance service delivery.
  • Client Contact: You will manage client communication via email, responding to queries and requests, as well as organizing key renewals and key ceremonies.

Your proactive involvement in these areas will be vital to maintaining our high standards and delivering exceptional service to our clients.

Connect To Your Skills And Professional Experience
To succeed in this role, you will need to match the following criteria:

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Minimum of 7 years of related experience.
  • Strong technical knowledge of cybersecurity domains (Governance, Compliance, Risk Management, Identity and Access Management, Data Security, Cryptography, Network Security, Cloud Security, Endpoint Security, Business Continuity Management, Operational Technology, Data Lifecycle Management, etc.)
  • Strong technical knowledge of third-party cybersecurity risk management frameworks, IT governance frameworks, regulatory requirements, and best practices.
  • Strong technical experience conducting and managing third party cybersecurity assessments.
  • Hands-on experience with security frameworks such as ISO 27001, PCI, NCA, SAMA CSF, NIST, etc.
  • Knowledge of relevant laws and regulations such as NESA ISR, UAE PDPL, GDPR, HIPAA, SOX, etc.

Preferred Certifications

  • Relevant certifications such as CISA, CRISC, CGRC, CISSP, CISM, or other equivalent certificates are highly desirable.

The Following Attributes Are Essential

  • A willingness to work as part of a diverse team.
  • A commitment to continuous improvement and lifelong learning.
  • A passion for technology and a drive to deliver s
  • An ability to remain calm under pressure whilst continuing to pay attention to detail.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal abilities.
  • Ability to work effectively in a fast-paced and dynamic environment.
  • Proactive and self-motivated with a keen attention to detail.

Connect to your business – Technology & Transformation
Distinctive thinking, deep expertise, and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest challenges around, join us. Together, we'll make an impact that matters.

Personal Independence
Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

Connect with your colleagues
Location: Cairo, Egypt

"What attracted me to Deloitte were the endless opportunities and the collective experience of other like-minded individuals. Deloitte's clients include many of the world's largest organizations; I wanted to be part of a team that made a difference that I could be proud of." -Dan, Technology & Transformation

"Everyone always says "it's the people," and that's true. Working for a brand you feel proud of feels pretty good too. And you don't have any stress about fitting into a particular stereotype, because there are so many different types of people in Deloitte Digital." – Gillian, Technology & Transformation

Our commitment to you
Making an impact is more than just what we do: it's why we're here. So, we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.

We want you. The true you. Your own strengths, perspective, and personality. So, we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too. Because it's only when you're comfortable and at your best that you can make the kind of impact you, and we, live for.

Your expertise is our capability, so we'll make sure it never stops growing. Whether it's from the complex work you do, or the people you collaborate with, you'll learn every day. Through world-class development, you'll gain invaluable technical and personal skills. Whatever your level, you'll learn how to lead.

Connect to your next step
A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you'll experience a purpose you can believe in and an impact you can see. You'll be free to bring your true self to work every day. And you'll never stop growing, whatever your level.


Risk Self-Assessment and Control Team Leader

EGP120000 - EGP240000 Y Banque du Caire

Posted today

Job Description

Job Summary:

We are seeking a highly motivated and experienced RCSA Team Leader to join our Operational Risk Management team. The candidate will be responsible for leading and supervising the RCSA team and the RCSA process. The ideal candidate will have a strong background in operational risk and internal controls, and a proven ability to lead and mentor subordinates. This role is crucial for ensuring the effective identification, assessment, mitigation and monitoring of operational risks across Banque du Caire.

Job Responsibilities:

  • Lead and manage RCSA analysts, providing guidance, coaching, and performance feedback.
  • Oversee the end-to-end RCSA process, including planning, execution, and reporting.
  • Drive the identification and assessment of operational risks and the effectiveness of controls.
  • Review the preparation of desk research and pre-lists of risks, including the applied controls, submitted by the RCSA team.
  • Supervise daily operations of the RCSA team, including obtaining final approval on the RCSAs from relevant departments, following up on action plans to ensure their implementation, and reviewing the accuracy of data entry in the RCSA system.
  • Supervise the control testing process and follow up on the results of control testing in order to prepare the required reports.
  • Collaborate with business units to ensure the timely and accurate completion of RCSAs.
  • Review and challenge risk and control assessments to ensure quality, consistency, and accuracy.
  • Develop and maintain the RCSA methodology and framework, ensuring alignment with regulatory requirements and industry best practices.
  • Provide guidelines and support to business units on the RCSA process and operational risk concepts.
  • Supervise and support the RCSA team with ad-hoc projects and tasks as required by Head of RCSA.

Job Qualifications:

  • Bachelor's degree in finance, Business, Accounting, or a related field. A master's degree is a plus.
  • Minimum of 6 years of experience in banking with minimum 3 years in operational risk management, internal audit, with at least 2 years in a leadership or supervisory role.
  • Strong understanding of operational risk management frameworks, including RCSA, KRIs, ORAP, ILD, IT Risk and BCM.
  • Strong analytical, problem-solving, and communication skills.
  • Proven ability to influence and collaborate with stakeholders at all levels.
  • Strong knowledge of regulatory requirements related to operational risk (e.g., Basel, COSO, ISO
  • Professional certifications such as CORP, COSO, or ISO are highly desirable.
  • Professional knowledge of Microsoft Office Suite (risk management system is a plus)

Information Security Engineer

New
EGP24000 - EGP180000 Y Alexandria Business Association- SME Project)

Posted today

Job Description

Requirements:

  • Bachelor's degree in Computer Engineering, Information Technology, or related field.

  • 1–2 years of relevant experience in Information Security operations.

  • Knowledge of networking, operating systems (Windows/Linux).

  • Certifications such as CCNA, MCSA, or Linux are a plus.

  • Good understanding of firewalls and endpoint security solutions.

  • Strong problem-solving and analytical skills.

  • Applicants must be residents of Alexandria.

Job Duties:

  • Implement and monitor security measures to protect computer systems, networks, and information.

  • Identify and define system security requirements.

  • Design security architecture and develop detailed cybersecurity designs.

  • Manage and troubleshoot firewalls, endpoint security, and related security tools.

  • Respond to and investigate security incidents.

If you are interested, kindly send your updated CV to with email subject Information Security Engineer


Information Security Engineer

EGP120000 - EGP240000 Y Balad

Posted today

Job Description

About Us

We're a growing fintech startup reimagining secure financial systems. Security is not a department — it's a culture. We're looking for an engineer who thrives at the intersection of development, operations, and security — someone eager to help us shift security left and embed it into our SDLC.

About the Role

As a Security Software Engineer, you will play a key role in securing our systems from design to deployment. You will work closely with engineers, DevOps, and product teams to integrate security practices, ensure cloud and infrastructure safety, and support compliance initiatives like ISO or PCI DSS.

What You'll Do

  • Embed security throughout the software development lifecycle (SDLC)
  • Build and maintain security tools, scripts, and automations
  • Integrate security controls into CI/CD pipelines
  • Conduct threat modelling, secure code reviews, and vulnerability assessments
  • Monitor and respond to incidents using SOC tools (e.g., Wazuh, Suricata, OSSIM)
  • Support and enforce cloud security best practices (AWS/Azure)
  • Collaborate with engineers to raise security awareness and fix vulnerabilities
  • Participate in and contribute to ISO 27001, PCI DSS, and similar processes
  • Document security standards and provide internal training

What We're Looking For

  • 3+ years in security engineering, DevSecOps, or a similar role
  • Strong familiarity with SDLC security practices and shift-left approach
  • Experience with one or more programming/scripting languages (C#, Python, Bash, etc.)
  • Experience working with Agile and XP teams
  • Hands-on experience with SOC tools, SIEM, and log correlation
  • Good grasp of cloud security (IAM, encryption, networking)
  • Familiar with DevOps tooling (CI/CD, Docker, IaC, etc.)
  • Solid foundation in networking protocols, firewalls, VPNs
  • Competence with Git-based workflows
  • Contributed to or maintained parts of ISO 27001, PCI DSS, or SOC2 programs

Nice to Have

  • Certifications: Security+, CISSP, OSCP, CEH, or cloud security credentials
  • Experience with threat intelligence, attack simulation tools, or bug bounty triage
  • Exposure to Zero Trust architectures
  • Familiarity with tools like Trivy, Checkov, Snyk, OWASP ZAP
  • Experience in incident response and postmortems

Why Join Us?

  • Flexible hours, outcome-based work
  • Culture of transparency, agility, and collaboration
  • Work with a team that values security as code
  • High-impact role in shaping secure fintech systems
  • A strong platform for growth, innovation, and leadership

Lead-Information Security

EGP900000 - EGP1200000 Y Alshaya Group

Posted today

Job Description

Job No:

Location: Egypt

Role Profile:

The GRC Lead – Privacy, Risk & Access Management will play a pivotal role in strengthening Alshaya Group's governance, risk, and compliance posture with a core focus on data privacy, enterprise risk management, and identity & access governance. This role will also lead and support cross-functional security projects such as SSO integration and user access reviews, ensuring secure, compliant, and business-aligned identity practices across the enterprise.

The Below Key Performance Areas include but are not limited to:

Develop and implement privacy and data protection policies aligned with GDPR, KVKK, PDPL, and other regional regulations.

Conduct DPIAs, PIAs, and privacy risk assessments to ensure responsible data handling.

Manage enterprise risk through a structured Risk Management Framework and maintain the Enterprise Risk Register.

Define and enforce IAM policies including RBAC, SoD, and user access reviews.

Lead or support IAM initiatives such as SSO integrations, PAM implementations, and access certification campaigns.

Align GRC and IAM practices with standards like ISO 27001, NIST, PCI DSS, and SOX.

Facilitate internal and external audits, assessments, and third-party reviews.

Oversee GRC tools and privacy platforms (e.g., Archer, OneTrust, ServiceNow GRC).

Drive cross-functional projects including policy harmonization and audit remediation.

Prepare executive-level reports and dashboards for governance and compliance oversight.

Act as a liaison for privacy, risk, and IAM discussions across departments.

Promote GRC awareness and training across the organization.

Knowledge:

Strong understanding of global privacy regulations (e.g., GDPR, KVKK, PDPL) and data protection principles.

In-depth knowledge of enterprise risk management frameworks and risk assessment methodologies.

Familiarity with IAM concepts including RBAC, SoD, SSO, PAM, and identity lifecycle management.

Experience with compliance standards such as ISO 27001, NIST, PCI DSS, and SOX.

Proficiency in using GRC and privacy management tools (e.g., Archer, OneTrust, ServiceNow GRC).

Ability to lead cross-functional projects and integrate GRC, IAM, and privacy workflows.

Strong stakeholder engagement and communication skills for executive and cross-departmental collaboration.

Analytical skills for conducting DPIAs, PIAs, and interpreting KRIs and audit findings.

Knowledge of authentication protocols (e.g., SAML, OIDC) and identity governance best practices.

Experience in managing DSARs, breach responses, and audit readiness activities.

Experience:

-7 years experience in Information Security Domain

Bachelor's degree in Information Security, Computer Science, Risk Management, or related field. Master's degree or MBA is a plus.

CIPP/E, CIPM, or other IAPP certifications; CRISC, CISA, or ISO 27001 Lead Implementer; Identity and Access certifications such as Azure, Okta, or SailPoint; ITIL or PMP for project management is a plus.

Skills:

Strong understanding of IAM principles, SSO protocols (SAML, OIDC), and identity lifecycle.

Knowledge of privacy regulations and enterprise risk frameworks.

Excellent stakeholder management, communication, and cross-functional collaboration skills.

Proficient in GRC tools, Privacy Tools & Access management platforms.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025


Information Security Engineer

EGP90000 - EGP120000 Y NowPay

Posted today

Job Description

About Us
NowPay (YC W21) is a FinTech startup building a financial-wellness platform for employees in emerging markets. Saving, spending, budgeting and borrowing. Those are the 4 pillars of financial-wellness. NowPay aims to improve every aspect of those for employees by building products that tackle every vertical.

NowPay enables employees to get their salaries in advance at any point in time during the month and also pay their bills instantly. NowPay is backed by YCombinator, 500 Startups, BECO Capital, Global Ventures, Endure, Plug and Play, MSA Capital, 4dx, Foundation Ventures, EFG and Beltone.

Job Description
Role Summary:
We are seeking a skilled and proactive Information Security Engineer to lead and scale NowPay's cybersecurity posture. This role is critical to securing sensitive employee financial data, ensuring the integrity of salary disbursement systems, and supporting regulatory compliance (e.g. local regulators, PCI-DSS, and GDPR). The successful candidate will be responsible for designing and enforcing best-in-class security practices across our platforms, cloud infrastructure, and internal processes.

Key Responsibilities
Security Strategy & Architecture

  • Define and continuously improve NowPay's information security strategy, policies, and controls across all layers (cloud, app, infrastructure).
  • Lead threat modeling and risk assessment activities for new and existing systems.
  • Ensure secure design of new fin-tech products including salary advance, BNPL, and bill payment services.

Vulnerability Management & Monitoring

  • Conduct regular security assessments, vulnerability scans, and penetration testing.
  • Monitor and respond to security incidents, collaborating with engineering and DevOps teams for resolution.
  • Maintain and enhance audit logging, intrusion detection, and alerting systems.

Cloud & Application Security

  • Implement secure configurations and hardening of AWS infrastructure (IAM, EC2, S3, RDS, etc.).
  • Ensure secure code practices via CI/CD pipelines, code reviews, and dependency scanning (GitHub, Jira).
  • Support the engineering team with encryption, tokenization, and data integrity mechanisms.

Compliance & Risk

  • Support compliance with relevant regulatory frameworks (local regulators, PCI-DSS, ISO
  • Manage security documentation, audits, and incident response playbooks.
  • Collaborate with legal and compliance teams on security requirements for licensing or audits.

Employee Security Enablement

  • Lead security awareness training for employees (e.g., phishing, password hygiene, secure device usage).
  • Manage identity and access management (IAM), two-factor authentication, and role-based access controls.

Requirements

  • 3+ years of experience in information security, preferably in fin-tech, banking, or SaaS environments.
  • Hands-on experience with cloud/on-site security.
  • Familiarity with regulatory and compliance standards: local regulators, GDPR, PCI-DSS, ISO 27001.
  • Proficient in tools such as Metabase, GitHub, Jira, SIEMs, firewalls, and endpoint protection systems.
  • Strong knowledge of OWASP Top 10, encryption protocols, and authentication systems.
  • Bachelor's degree in Computer Science, Information Security, or related fields.

Benefits

  • Medical insurance coverage
  • Social insurance
  • Salary advance


Administrator-Information Security

EGP90000 - EGP120000 Y Alshaya Group

Posted today

Job Description

Job No:

Location: Egypt

Role Profile:

The GRC Admin will be responsible for implementing, interpreting, and ensuring compliance with information security policies. The role covers assessing and prioritizing cybersecurity risks, supporting regulatory compliance, reporting security metrics, maintaining governance standards, conducting risk assessments for internal systems and third-party vendors, enforcing security policies, and advising leadership on risk strategies such as mitigation, reduction, transfer, exception handling, and residual risk analysis.

The Below Key Performance Areas include but are not limited to:

Implement a data security & privacy risk reporting framework aligned with ISO standards.

Design and document controls to ensure compliance with regulatory and internal requirements.

Facilitate remediation of control gaps and escalate critical issues to leadership.

Manage exception review processes and ensure periodic documentation and review.

Prepare for and support regulatory examinations such as PCI DSS.

Collaborate with auditors and control owners to ensure timely completion of requests.

Monitor and analyze information security metrics to evaluate program effectiveness.

Conduct risk assessments to identify vulnerabilities in systems and third-party products.

Recommend and implement controls to mitigate identified security risks.

Communicate risk findings and actionable recommendations to stakeholders.

Support workforce security initiatives including awareness and training programs.

Facilitate eDiscovery and data collection for investigations of policy violations.

Analyze security incidents and coordinate remediation and awareness efforts.

Contribute to the development and lifecycle management of security policies and procedures.

Collaborate across the organization to implement and enforce security policies.

Knowledge:

Understanding of ISO standards and frameworks for information security risk reporting.

Knowledge of designing and implementing technical, administrative, and physical security controls.

Familiarity with regulatory compliance requirements (e.g., GDPR, PCI DSS) and audit processes.

Experience in managing exception handling processes and compliance documentation.

Ability to evaluate and improve the effectiveness of information security programs using metrics.

Proficiency in conducting and documenting information security risk assessments.

Knowledge of risk mitigation strategies and control implementation.

Strong communication skills to convey risk findings and recommendations to stakeholders.

Awareness of workforce security practices, including training and awareness programs.

Experience with eDiscovery processes and handling policy violation investigations.

Analytical skills for incident analysis and coordination of remediation efforts.

Understanding of policy development, lifecycle management, and enforcement.

Ability to collaborate across departments to implement security policies effectively.

Experience:

years experience in Information Security Domain

Graduation Degree/BTech, Computer Science

Security+, Networking certifications are an added advantage.

Skills:

Strong knowledge of information security governance, risk assessment, and compliance frameworks (e.g., GDPR, PCI DSS).

Ability to develop, implement, and manage security policies, controls, and awareness programs.

Proficiency in conducting risk assessments and analysing security metrics to support decision-making.

Excellent communication and collaboration skills for working with leadership, auditors, and cross-functional teams.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

Information Security Manager

EGP120000 - EGP240000 Y Egyptian Banks Company

Posted today

Job Description

  • Establish and maintain the organization's Cyber Defense methodology in line with security regulations and requirements.
  • Obtain senior management endorsement for security policies, standards, and procedures by clearly articulating their benefits.
  • Investigate cybersecurity incidents and violations, reporting findings and recommendations to the CISO.
  • Respond rapidly and effectively to cybersecurity incidents in line with incident management processes.
  • Prepare periodic performance reports based on analysis and correlation of security events.
  • Oversee projects and deployments of security tools to ensure an effective security posture.
  • Lead the Security Operations Center (SOC) team, including shift planning and operational tool implementation.
  • Manage the Cyber Defense Centre and its resources to ensure operational effectiveness.
  • Maintain the security of corporate information against all internal and external threats.
  • Provide security input into the organization's strategic planning process and enterprise-level decisions.
  • Implement and maintain the organization's information security program in alignment with business objectives.
  • Raise major cybersecurity incidents directly to the CISO.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, or related field.
  • 10+ years of experience in Information Security / Cyber Defense.
  • Proven experience managing SOC teams and cyber defense operations.
  • Strong knowledge of incident response, threat detection, and security monitoring.
  • Hands-on expertise with SIEM, endpoint protection, and enterprise security tools.
  • Relevant certifications (CISSP, CISM, CISA, or equivalent) preferred.
  • Strong analytical, leadership, and communication skills.

Manager Information Security

EGP90000 - EGP120000 Y Alshaya Group

Posted today

Job Description

Job No:

Location: Egypt

Role Profile:

Alshaya employed a dedicated security team to implement and maintain the organization's information security program. Typically, this group is led by a chief information officer. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. The value of an organization lies within its information and its security is critical for business operations, as well as retaining credibility and earning the trust of clients.

Information security programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity and availability of IT systems and business data.

The below Key Performance Areas include but are not limited to:

 Define risk governance strategy and ensure alignment with business objectives

Approve control frameworks and ensure cross-functional adoption

Report risk trends and remediation status to executive leadership

Govern exception policy and ensure audit readiness

Ensure audit outcomes drive continuous improvement

Lead enterprise-wide audit planning and regulatory alignment

Present security metrics to board-level stakeholders

Strategic alignment of risk assessments with business objectives

Sponsor control initiatives and allocate resources

Influence business decisions through risk intelligence

Champion security culture and workforce engagement

Govern enterprise investigation protocols and legal coordination

Own Policy enforcement governance and regulatory reporting

Define policy governance and ensure enterprise alignment

Lead enterprise-wide security programs and stakeholder alignment

Define exception handling strategy and oversee execution

Knowledge (Desired):

Authority on ISO governance and regulatory alignment, ensuring frameworks are embedded across the organization.

Strategic oversight of control architecture, ensuring alignment with compliance requirements and business objectives.

Executive-level communication of risk posture, security strategy, and compliance status to leadership and stakeholders.

Leadership in compliance governance, regulatory engagement, and fostering a culture of accountability.

Effective stakeholder communication and coordination during investigations and legal holds.

Oversight of performance measurement, continuous improvement, and reporting of security and compliance KPIs.

Leads enterprise risk alignment, facilitates risk assessments, and engages executive stakeholders in mitigation strategies.

Governs the full policy lifecycle, ensuring strategic alignment and enforcement of security policies.

Leads enterprise-wide compliance and risk mitigation programs through cross-functional collaboration.

Oversees breach response, including senior management notification and crisis management coordination.

Experience

0 – 15 Years of Experience

 Manager
Professional Certification: CISM, CGEIT, ISO 27001 Lead Auditor, CIPM, CRISC, CISA, PCI ISA

Skills:

Proficient in Risk Management: Skilled in identifying, evaluating, and mitigating enterprise-level risks.

Hands-on experience with GRC tools: Practical knowledge of platforms such as Archer, ServiceNow GRC, or equivalent for managing governance, risk, and compliance workflows.

Strategic oversight of security controls: Ability to design, implement, and monitor control frameworks aligned with regulatory standards.

Expertise in ISO and regulatory frameworks: Deep understanding of ISO standards and global compliance requirements (e.g., GDPR, PCI DSS).

Policy governance: Capable of managing the full lifecycle of security policies and ensuring strategic alignment with business objectives.

Compliance leadership: Drives compliance awareness and engagement across departments, including regulatory liaison.

Risk communication: Communicates risk posture and mitigation strategies effectively to executive leadership and stakeholders.

Incident response coordination: Leads breach response efforts, including senior management notification and crisis handling.

Performance metrics and evaluation: Oversees the development and tracking of key performance indicators for continuous improvement.

Cross-functional collaboration: Leads enterprise-wide initiatives for compliance, risk mitigation, and audit readiness.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025


Information Security Controls

EGP120000 - EGP180000 Y البنك التجاري الدولي

Posted today

Job Viewed

Tap Again To Close

Job Description

JOB PURPOSE

To manage and oversee the Information Security Controls and Governance Team to ensure the proper enforcement of the security policies across the organization, remediate identified gaps and mitigate any potential security risks. In addition, to support the implementation of the security strategy with regard to identity access management and governance, data classification and protection, and security controls validation.

Description

  1. Ensure proper management of the Information Security Controls and Governance resources to support ongoing business initiatives from a security controls and governance perspective, ensuring the development of the necessary security access matrix mapped to the staff's job titles and business activities.

  2. Develop and monitor the Information Security Controls and Governance Area's Key Performance Indicators and ensure adherence to the same. This includes monitoring the TAT and SLAs for handling the different access management requests, in addition to the KPIs & KRIs related to the periodic Security Controls reviews and assessments.

  3. Ensure the annual review and update of the Information Security Controls and Governance area processes and procedures with the development and adherence to the developed SLAs.

  4. Manage and oversee the implementation of the Data Classification & Protection program to ensure a proper classification framework is defined that helps classify and protect the bank's crown jewels and critical information assets. This includes maintaining the controls necessary to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personally Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data.

  5. Ensure proper and timely tracking and closure of open (internal/external) audit issues.

  6. Manage and oversee the Identity Access Management and Governance program to ensure proper governance of identities during the employment life cycle of all personnel in accordance with the security requirements and policies, including the development of the applications' security matrix.

  7. Manage and oversee the implementation of the Security Controls and Governance roadmap to ensure the planned reviews are conducted as per the predefined frequencies and the identified gaps are closed in a timely manner. Ensure access rights certification campaigns are conducted over the different bank systems to validate current access rights granted to employees, and ensure proper enforcement of actions identified as an outcome of the campaigns.

  8. Handle and manage exceptions and escalations to ensure proper support and alignment is in place between Information Security Controls and Governance area and the different stakeholders. This includes resolving communication conflicts to ensure a streamlined process is in place.

  9. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues arising from internal/external audit, independent assessments and reviews as applicable, and ensure a proper tracking mechanism is in place in coordination with the relevant stakeholders.

  10. Ensure proper enforcement of the developed security policies and controls including Physical and Environmental Security policy, Human Resources Security Policy, Information Governance Policy. This is in addition to the URL Filtering and Internet Access Policies, as well as the Data Loss Prevention Policies.

  11. Ensure adherence to the defined security controls operating model to support the different security controls requirements and communicate violations to the relevant teams. This includes managing the different security controls approvals including (Removable media access, Remote Working Access, Internet Access, External Email Access, EMM, etc.) ensuring adherence to the set SLAs and TAT.

  12. Assess and take the necessary actions on the different policy violations identified through the Privileged Access Management, Security Monitoring Tools such as NexThink, DLP or through the ongoing SOC monitoring and reporting.

Qualifications

Qualifications & Experience

Bachelor's degree in Engineering, Computer Science, Information Security or equivalent.

Minimum years of experience in IT, Information Security, Risk Analysis and / or Governance and Compliance

Recommended Certifications

o SANS Global Information Assurance Certification (GIAC)

o CRISC

o ISO 27001:2013 Lead Implementer

o CISM

Skills

Very good command of English and Arabic languages

Very good Management and leadership skills

Very good Negotiation skills

Excellent Communication skills

Primary Location: Egypt-Giza-SMART VILLAGE BLDG. 3

Job: Back Office

Organization: FINANCE, STRATEGY, OPERATIONS & TECHNOLOGY

Shift: Day Job

Job Type: Full-time Employee

 
