24 Security Leadership jobs in Egypt

About Us

We're a growing
fintech startup
reimagining secure financial systems. Security is not a department — it's a culture. We're looking for an engineer who thrives at the intersection of
development, operations, and security
— someone eager to help us
shift security left
and embed it into our
SDLC
.

About the Role

As a
Security Software Engineer
, you will play a key role in securing our systems from design to deployment. You will work closely with engineers, DevOps, and product teams to
integrate security practices
, ensure
cloud and infrastructure safety
, and support
compliance initiatives
like ISO or PCI DSS.

What You'll Do

• Embed security throughout the
  software development lifecycle (SDLC)
• Build and maintain
  security tools
  , scripts, and automations
• Integrate security controls into CI/CD pipelines
• Conduct threat modelling, secure code reviews, and vulnerability assessments
• Monitor and respond to incidents using
  SOC tools
  (e.g., Wazuh, Suricata, OSSIM)
• Support and enforce
  cloud security best practices
  (AWS/Azure)
• Collaborate with engineers to
  raise security awareness
  and fix vulnerabilities
• Participate in and contribute to
  ISO 27001, PCI DSS
  , and similar processes
• Document security standards and provide internal training

What We're Looking For

• 3+ years in
  security engineering
  , DevSecOps, or a similar role
• Strong familiarity with
  SDLC security practices and shift-left approach
• Experience with one or more
  programming/scripting languages
  (C#, Python, Bash, etc.)
• Experience working with
  Agile and XP teams
• Hands-on experience with
  SOC tools
  , SIEM, and log correlation
• Good grasp of
  cloud security (IAM, encryption, networking)
• Familiar with
  DevOps tooling
  (CI/CD, Docker, IaC, etc.)
• Solid foundation in
  networking protocols, firewalls, VPNs
• Competence with
  Git-based workflows
• Contributed to or maintained parts of
  ISO 27001, PCI DSS
  , or SOC2 programs

Nice to Have

• Certifications:
  Security+
  ,
  CISSP
  ,
  OSCP
  ,
  CEH
  , or cloud security credentials
• Experience with
  threat intelligence
  ,
  attack simulation tools
  , or
  bug bounty triage
• Exposure to
  Zero Trust architectures
• Familiarity with tools like
  Trivy, Checkov, Snyk, Owasp ZAP
• Experience in
  incident response and postmortems

Why Join Us?

• Flexible hours, outcome-based work
• Culture of transparency, agility, and collaboration
• Work with a team that values
  security as code
• High-impact role in shaping secure fintech systems
• A strong platform for
  growth, innovation, and leadership

Job No:

Location: Egypt

Role Profile:

The GRC Lead – Privacy, Risk & Access Management will play a pivotal role in strengthening Alshaya Group's governance, risk, and compliance posture with a core focus on data privacy, enterprise risk management, and identity & access governance. This role will also lead and support cross-functional security projects such as SSO integration and user access reviews, ensuring secure, compliant, and business-aligned identity practices across the enterprise.

The Below Key Performance Areas include but are not limited to:

 Develop and implement privacy and data protection policies aligned with GDPR, KVKK, PDPL, and other regional regulations.

Conduct DPIAs, PIAs, and privacy risk assessments to ensure responsible data handling.

anage enterprise risk through a structured Risk Management Framework and maintain the Enterprise Risk Register.

efine and enforce IAM policies including RBAC, SoD, and user access reviews.

ead or support IAM initiatives such as SSO integrations, PAM implementations, and access certification campaigns.

lign GRC and IAM practices with standards like ISO 27001, NIST, PCI DSS, and SOX.

acilitate internal and external audits, assessments, and third-party reviews.

versee GRC tools and privacy platforms (e.g., Archer, OneTrust, ServiceNow GRC).

rive cross-functional projects including policy harmonization and audit remediation.

repare executive-level reports and dashboards for governance and compliance oversight.

ct as a liaison for privacy, risk, and IAM discussions across departments.

romote GRC awareness and training across the organization.

Knowledge:

trong understanding of global privacy regulations (e.g., GDPR, KVKK, PDPL) and data protection principles.

n-depth knowledge of enterprise risk management frameworks and risk assessment methodologies.

amiliarity with IAM concepts including RBAC, SoD, SSO, PAM, and identity lifecycle management.

xperience with compliance standards such as ISO 27001, NIST, PCI DSS, and SOX.

roficiency in using GRC and privacy management tools (e.g., Archer, OneTrust, ServiceNow GRC).

bility to lead cross-functional projects and integrate GRC, IAM, and privacy workflows.

trong stakeholder engagement and communication skills for executive and cross-departmental collaboration.

nalytical skills for conducting DPIAs, PIAs, and interpreting KRIs and audit findings.

nowledge of authentication protocols (e.g., SAML, OIDC) and identity governance best practices.

xperience in managing DSARs, breach responses, and audit readiness activities.

Experience:

-7 years experience in Information Security Domain

achelor's degree in Information Security, Computer Science, Risk Management, or related field. Master's degree or MBA is a plus.

IPP/E, CIPM, or other IAPP certifications; CRISC, CISA, or ISO 27001 Lead Implementer; Identity and Access certifications such as Azure, Okta, or SailPoint; ITIL or PMP for project management is a plus.

Skills:
br>
Strong understanding of IAM principles, SSO protocols (SAML, OIDC), and identity lifecycle.

nowledge of privacy regulations and enterprise risk frameworks.

xcellent stakeholder management, communication, and cross-functional collaboration skills.

roficient in GRC tools , Privacy Tools & Access management platforms.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

About Us
NowPay (YC W21) is a FinTech startup building a financial-wellness platform for employees in emerging markets. Saving, spending, budgeting and borrowing. Those are the 4 pillars of financial-wellness. NowPay aims to improve every aspect of those for employees by building products that tackle every vertical.

NowPay enables employees to get their salaries in advance at any point in time during the month and also pay their bills instantly. NowPay is backed by YCombinator, 500 Startups, BECO Capital, Global Ventures, Endure, Plug and Play, MSA Capital, 4dx, Foundation Ventures, EFG and Beltone.

Job Description
Role Summary:
We are seeking a skilled and proactive Information Security Engineer to lead and scale NowPay's cybersecurity posture. This role is critical to securing sensitive employee financial data, ensuring the integrity of salary disbursement systems, and supporting regulatory compliance (e.g. local regulators, PCI-DSS, and GDPR). The successful candidate will be responsible for designing and enforcing best-in-class security practices across our platforms, cloud infrastructure, and internal processes.

Key Responsibilities
Security Strategy & Architecture

• Define and continuously improve NowPay's information security strategy, policies, and controls across all layers (cloud, app, infrastructure).
• Lead threat modeling and risk assessment activities for new and existing systems.
• Ensure secure design of new fin-tech products including salary advance, BNPL, and bill payment services.

Vulnerability Management & Monitoring

• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Monitor and respond to security incidents, collaborating with engineering and DevOps teams for resolution.
• Maintain and enhance audit logging, intrusion detection, and alerting systems.

Cloud & Application Security

• Implement secure configurations and hardening of AWS infrastructure (IAM, EC2, S3, RDS, etc.).
• Ensure secure code practices via CI/CD pipelines, code reviews, and dependency scanning (GitHub, Jira).
• Support the engineering team with encryption, tokenization, and data integrity mechanisms.

Compliance & Risk

• Support compliance with relevant regulatory frameworks (local regulators, PCI-DSS, ISO
• Manage security documentation, audits, and incident response playbooks.
• Collaborate with legal and compliance teams on security requirements for licensing or audits.

Employee Security Enablement

• Lead security awareness training for employees (e.g., phishing, password hygiene, secure device usage).
• Manage identity and access management (IAM), two-factor authentication, and role-based access controls.

Requirements

• 3+ years of experience in information security, preferably in fin-tech, banking, or SaaS environments.
• Hands-on experience with cloud/on-site security.
• Familiarity with regulatory and compliance standards: local regulators, GDPR, PCI-DSS, ISO 27001.
• Proficient in tools such as Metabase, GitHub, Jira, SIEMs, firewalls, and endpoint protection systems.
• Strong knowledge of OWASP Top 10, encryption protocols, and authentication systems.
• Bachelor's degree in Computer Science, Information Security, or related fields.

Benefits

• Medical insurance coverage
• Social insurance
• Salary advance

check(event) ; career-website-detail-template-2 => ,meta)" mousedown="lyte-button => check(event)" final- final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

Job No:

Location: Egypt

Role Profile:

The GRC Admin will be responsible in implementing, interpreting, and ensuring compliance with information security policies. Assess and prioritize cybersecurity risks, supporting regulatory compliance, and report security metrics, maintaining governance standards, conducting risk assessments for internal systems and third-party vendors, enforcing security policies, and advising leadership on risk strategies such as mitigation, reduction, transfer, exception handling, and residual risk analysis.

The Below Key Performance Areas include but are not limited to:

 Implement a data security & privacy risk reporting framework aligned with ISO standards.

Design and document controls to ensure compliance with regulatory and internal requirements.

acilitate remediation of control gaps and escalate critical issues to leadership.

anage exception review processes and ensure periodic documentation and review.

repare for and support regulatory examinations such as PCI DSS.

ollaborate with auditors and control owners to ensure timely completion of requests.

onitor and analyze information security metrics to evaluate program effectiveness.

onduct risk assessments to identify vulnerabilities in systems and third-party products.

ecommend and implement controls to mitigate identified security risks.

ommunicate risk findings and actionable recommendations to stakeholders.

upport workforce security initiatives including awareness and training programs.

acilitate eDiscovery and data collection for investigations of policy violations.

nalyze security incidents and coordinate remediation and awareness efforts.

ontribute to the development and lifecycle management of security policies and procedures.

ollaborate across the organization to implement and enforce security policies.

Knowledge:

nderstanding of ISO standards and frameworks for information security risk reporting.

nowledge of designing and implementing technical, administrative, and physical security controls.

amiliarity with regulatory compliance requirements (e.g., GDPR, PCI DSS) and audit processes.

xperience in managing exception handling processes and compliance documentation.

bility to evaluate and improve the effectiveness of information security programs using metrics.

roficiency in conducting and documenting information security risk assessments.

nowledge of risk mitigation strategies and control implementation.

trong communication skills to convey risk findings and recommendations to stakeholders.

wareness of workforce security practices, including training and awareness programs.

xperience with eDiscovery processes and handling policy violation investigations.

nalytical skills for incident analysis and coordination of remediation efforts.

nderstanding of policy development, lifecycle management, and enforcement.

bility to collaborate across departments to implement security policies effectively.

Experience:

years experience in Information Security Domain

raduation Degree/BTech, Computer Science

ecurity +, Networking, certifications is added advantage.

Skills:
br>
Strong knowledge of information security governance, risk assessment, and compliance frameworks (e.g., GDPR, PCI DSS).

bility to develop, implement, and manage security policies, controls, and awareness programs.

roficiency in conducting risk assessments and analysing security metrics to support decision-making.

xcellent communication and collaboration skills for working with leadership, auditors, and cross-functional teams.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

• Establish and maintain the organization's Cyber Defense methodology in line with security regulations and requirements.
• Obtain senior management endorsement for security policies, standards, and procedures by clearly articulating their benefits.
• Investigate cybersecurity incidents and violations, reporting findings and recommendations to the CISO.
• Respond rapidly and effectively to cybersecurity incidents in line with incident management processes.
• Prepare periodic performance reports based on analysis and correlation of security events.
• Oversee projects and deployments of security tools to ensure an effective security posture.
• Lead the Security Operations Center (SOC) team, including shift planning and operational tool implementation.
• Manage the Cyber Defense Centre and its resources to ensure operational effectiveness.
• Maintain the security of corporate information against all internal and external threats.
• Provide security input into the organization's strategic planning process and enterprise-level decisions.
• Implement and maintain the organization's information security program in alignment with business objectives.
• Raise major cybersecurity incidents directly to the CISO.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related field.
• 10+ years of experience in Information Security / Cyber Defense.
• Proven experience managing SOC teams and cyber defense operations.
• Strong knowledge of incident response, threat detection, and security monitoring.
• Hands-on expertise with SIEM, endpoint protection, and enterprise security tools.
• Relevant certifications (CISSP, CISM, CISA, or equivalent) preferred.
• Strong analytical, leadership, and communication skills.

Job No:

Location: Egypt

Role Profile:

Alshaya employed a dedicated security team to implement and maintain the organization's information security program. Typically, this group is led by a chief information officer. The security group is generally responsible for conducting risk management, a process through which vulnerabilities and threats to information assets are continuously assessed, and the appropriate protective controls are decided on and applied. The value of an organization lies within its information and its security is critical for business operations, as well as retaining credibility and earning the trust of clients.

Information security programs are built around the core objectives of the CIA triad: maintaining the confidentiality, integrity and availability of IT systems and business data.

The below Key Performance Areas include but are not limited to:

 Define risk governance strategy and ensure alignment with business objectives

Approve control frameworks and ensure cross-functional adoption

eport risk trends and remediation status to executive leadership

overn exception policy and ensure audit readiness

nsure audit outcomes drive continuous improvement

ead enterprise-wide audit planning and regulatory alignment

resent security metrics to board-level stakeholders

trategic alignment of risk assessments with business objectives

ponsor control initiatives and allocate resources

nfluence business decisions through risk intelligence

hampion security culture and workforce engagement

overn enterprise investigation protocols and legal coordination

wn Policy enforcement governance and regulatory reporting

efine policy governance and ensure enterprise alignment

ead enterprise-wide security programs and stakeholder alignment

efine exception handling strategy and oversee execution

Knowledge (Desired):

uthority on ISO governance and regulatory alignment, ensuring frameworks are embedded across the organization.

trategic oversight of control architecture, ensuring alignment with compliance requirements and business objectives.

xecutive-level communication of risk posture, security strategy, and compliance status to leadership and stakeholders.

eadership in compliance governance, regulatory engagement, and fostering a culture of accountability.

ffective stakeholder communication and coordination during investigations and legal holds.

versight of performance measurement, continuous improvement, and reporting of security and compliance KPIs.

eads enterprise risk alignment, facilitates risk assessments, and engages executive stakeholders in mitigation strategies.

overns the full policy lifecycle, ensuring strategic alignment and enforcement of security policies.

eads enterprise-wide compliance and risk mitigation programs through cross-functional collaboration.

versees breach response, including senior management notification and crisis management coordination.

Experience

0 – 15 Years of Experience

 Manager
br>
Professional Certification: CISM, CGEIT, ISO 27001 Lead Auditor, CIPM, CRISC, CISA PCI ISA

Skills:

roficient in Risk Management: Skilled in identifying, evaluating, and mitigating enterprise-level risks.

ands-on experience with GRC tools: Practical knowledge of platforms such as Archer, ServiceNow GRC, or equivalent for managing governance, risk, and compliance workflows.

trategic oversight of security controls: Ability to design, implement, and monitor control frameworks aligned with regulatory standards.

xpertise in ISO and regulatory frameworks: Deep understanding of ISO standards and global compliance requirements (e.g., GDPR, PCI DSS).

olicy governance: Capable of managing the full lifecycle of security policies and ensuring strategic alignment with business objectives.

ompliance leadership: Drives compliance awareness and engagement across departments, including regulatory liaison.

isk communication: Communicates risk posture and mitigation strategies effectively to executive leadership and stakeholders.

ncident response coordination: Leads breach response efforts, including senior management notification and crisis handling.

erformance metrics and evaluation: Oversees the development and tracking of key performance indicators for continuous improvement.

ross-functional collaboration: Leads enterprise-wide initiatives for compliance, risk mitigation, and audit readiness.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

JOB PURPOSE

To manage and oversee the Information Security Controls and Governance Team to ensure the proper enforcement of the security policies across the organization, remediate identified gaps and mitigate any potential security risks. In addition, to support the implementation of the security strategy with regards to the identity access management and governance, data classification and protection, and security controls validation.

Description

1. Ensure proper management of the Information Security Controls and Governance resources to support ongoing business initiatives from a security controls and governance perspectives, ensuring the development of the necessary security access matrix mapped to the staff's job titles and business activities.

2. Develop and Monitor the Information Security Controls and Governance Area's Key Performance Indicators and ensure adherence to the same. This includes monitoring of the TAT and SLAs of handling the different access management requests. In addition to the KPIs & KRIs related to the Security Controls periodic reviews and assessments.

3. Ensure the annual review and update of the Information Security Controls and Governance area processes and procedures with the development and adherence to the developed SLAs.

4. Manage and oversee the implementation of the Data Classification & Protection program to ensure proper classification framework is defined that helps classify and protect the bank's crown jewels and critical information assets. This includes maintaining the controls necessary to protect information and vital assets in accordance with security requirements and industry standards (privacy requirements, Personal Identifiable Information, encryption, Data Loss Prevention, data retention and destruction) for both structured and unstructured data.

5. Ensure proper timely tracking and closure of open (internal/External) audit issues.

6. Manage and oversee the Identity Access Management and Governance program to ensure proper governance of identities during the employment life cycle of all personnel in accordance with the security requirements and policies. including the development of the applications' security matrix.

7. Manage and oversee the implementation of the Security Controls and Governance roadmap to ensure the planned reviews are conducted as per the predefined frequencies as well as the closure of the identified gaps in a timely manner, and ensure conducting access rights certification campaigns over the different bank systems to validate current access rights granted to employees, and ensure proper enforcements of actions identified as an outcome of the campaigns.

8. Handle and manage exceptions and escalations to ensure proper support and alignment is in place between Information Security Controls and Governance area and the different stakeholders. This includes resolving communication conflicts to ensure a streamlined process is in place.

9. Work collaboratively with Business units, IT teams, Audit, Legal and risk management functions to address open gaps/issues driven from internal/external audit, independent assessments and reviews as applicable, and ensure proper tracking mechanism is in place in coordination with the relevant stakeholders.

10. Ensure proper enforcement of the developed security policies and controls including Physical and Environmental Security policy, Human Resources Security Policy, Information Governance Policy. This in addition to the URL Filtering, Internet Access Policies as well as the Data Loss Prevention Policies.

11. Ensure adherence to the defined security controls operating model to support the different security controls requirements and communicate violations to the relevant teams. This includes managing the different security controls approvals including (Removable media access, Remote Working Access, Internet Access, External Email Access, EMM, etc.) ensuring adherence to the set SLAs and TAT.

12. Assess and take the necessary actions towards the different policies' violations identified through the Privileged Access Management, Security Monitoring Tools such as NexThink, DLP or through the on-going SOC monitoring and reporting.

Qualifications

Qualifications & Experience

 Bachelor's degree of Engineering, Computer Science, Information Security or equivalent.

Minimum years of experience in IT, Information Security, Risk Analysis and / or Governance and Compliance

ecommended Certifications

o SANS Global Information Assurance Certification (GIAC)

o CRISC

o ISO 27001:2013 Lead implementer

o CISM

Skills

ery good command of English and Arabic languages

ery good Management and leadership skills

ery good Negotiation skills

xcellent Communication skills

Primary Location: Egypt-Giza-SMART VILLAGE BLDG. 3

Job: Back Office

Organization: FINANCE, STRATEGY, OPERATIONS & TECHNOLOGY

Shift: Day Job

Job Type: Full-time Employee

Job No:

Location: Egypt

Role Profile:

Responsible to ensure timely reporting of cyber incidents with accurate, meaningful, and comprehensive understanding of cyber incident through its life cycle. Develop proactive security controls to minimize any damage or impact to Alshaya information networks, information systems, data, and services. Need to provide an effective and comprehensive response that include the recovery of any affected information systems and the return to a fully functioning, secure, operational state for all services and information systems.

The below Key Performance Areas include but are not limited to:

Effective triaging and prioritization of incoming alerts per MITRE ATT&CK framework.

Expertise with host and network-based security tools

Ensure the timely identification, response, investigation, and remediation of all security events and incidents

Thorough understanding of advanced security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)

Develop, maintain, and enhance related IR processes and playbooks, documentation,and other supporting procedures

Expertise with network monitoring in a SOC environment

Develop and maintain program metrics, KPIs and reporting for the incident response program to drive continuous improvement

Aid in the evaluating, planning, configuration, and implementation of supporting security initiatives and solutions

Ensure security industry standards and best practices are identified and integrated into the program approach and methodologies

Expertise in Malware Analysis and Memory Forensics.

Knowledge in cloud response and containment

Ability to navigate ambiguity and develop working with Teams

Excellent written and oral communication skills

Knowledge of different types of vulnerabilities like OWASP Top 10/20.

Programming knowledge with a popular modern language utilized by above tools (i.e. Java, PHP, Python, Ruby etc.)

Life-long learner - always stay up to date with latest attack vectors, vulnerabilities, remediation and protection paradigms, etc.

Knowledge:

• Experience managing and leading security analysts in a security operation center.

• Proven results developing and implementing methods, processes, and procedures for detecting, responding, and resolving computer security incidents

• Deep understanding of present-day cyber-threats, attacker techniques and behaviors and effective methods to both detect & repel these threats for a global organization.
• Experience with supporting security technologies such as firewalls, proxies, web and email filters, application whitelisting, sandboxing, SIEM, threat intelligence, vulnerability scanning, syslog, IDS/IPS, DLP,EDR, Cloud etc.
• Strong technology experience with IT technologies including networks, endpoints, virtualization, cloud, operating systems, email, storage, databases, etc.
• Proficiency leading projects and project management experience with a focus on delivery and execution
• Highly motivated and self-directed with a passion for solving complex problems

Must be able to prioritize based on risk, schedule and track to deadlines for self and team members

Experience

• 5-10 years experience in Information Security Domain
• Graduation Degree/Btech

CEH / OSCP / CHF certifications is added advantage

• Skills: Hands on security incident investigation with good knowledge of IR reporting.
• Hands on creating usecases related to security controls.
• Strong interpersonal, oral, and written communication skill.
• Deep understanding of Cyber security Framework.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

Key Responsibilities

Collaborate with risk and information security teams to provide recommendations for improvement and communicate them to subject matter experts and management.

Implement, maintain, and enhance
information security processes
to improve efficiency and effectiveness.

Manage and maintain the
Vulnerability Management tool
, perform analysis and reporting, and ensure issues are addressed within SLA timelines.

Provide support in the
detection, response, mitigation, and reporting
of cyber threats affecting the organization.

Support and facilitate
audits, evidence collection, documentation, and reporting
.

Participate in the
evaluation, implementation, and troubleshooting
of security tools and solutions.

Stay current with the
threat landscape
and emerging cybersecurity risks.

Identify and mitigate
business and security risks
, including coordination of Data Risk Assessments (DRAs) as required.

Ensure compliance with
Minimum Security (MinSec) Standards
.

Contribute to the development of
Key Performance Indicators (KPIs) and metrics
to measure and report on service health.

Generate and review regular reports to identify opportunities for service improvement.

Actively participate in
internal service review meetings
and security discussions.

Qualifications & Skills

• Bachelor's degree in
  Information Security, Computer Science, or a related field
  .
• 3–5 years of experience
  in Information Security or related roles.
• Hands-on experience with
  vulnerability management tools
  , SIEM, and endpoint protection.
• Strong knowledge of
  security frameworks and standards
  (ISO 27001, NIST, CIS Controls, etc.).
• Familiarity with risk assessments, audits, and compliance processes.
• Solid understanding of
  threat detection, incident response, and security monitoring
  .
• Relevant certifications such as
  CISSP, CISM, CEH, CompTIA Security+, or similar
  (preferred).
• Strong analytical, communication, and problem-solving skills.