68 Security Technology jobs in Egypt

1. Design, Implement & maintain Cloud Security Measures for public/private Cloud Infrastructure Platforms. This includes Securing Virtual Machines, storage Systems, Networks or Cloud Resources.

Develop and maintain security baselines for all information systems and ensure regular maintenance and update of all baselines inventory bank wide.

Perform regular baseline scans or reviews as applicable to ensure compliance with the developed security baselines and follow up on mitigating the identified gaps/findings

Support the implementation of the different security projects and initiatives through defining the necessary security requirements in full alignment with the security policies and industry requirements.

Contribute to the design and implementation of security controls & technologies including but not limited to firewalls, intrusion detection/prevention systems, access controls and cryptographic mechanisms to strengthen the bank security posture

Conduct comprehensive reviews for security controls & configurations in alignment with Banks' policy, compliance & regulation mandates and industry best practices

Effectively participate in the change and release management process to ensure adequate security controls are applied before go-live

Review and approve access control requests over different technology platforms/ and network security infrastructure to ensure adequate application of the approved security policies (e.g., Firewall rules change review).

Participate in the new server provisioning process to ensure conducting the needed security checks and ensure closure of any identified gaps before production deployment.

Ensure proper management and enforcement of privileged accounts over different technology layers (Operating System, Database, Application) including account designation, and implementation of privileged access control requirements.

Review and approve privileged access related requests including but not limited to (generic accounts creation, PAM access, access to existing accounts, etc.).

Assess and provide recommendations for IT & Cyber security policy deviation requests and ensure proper tracking of the same.

Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.

 for the senior) years of proven experience in security domains

Strong knowledge of Operating Systems Principals, secure design principles, and common security vulnerabilities

as strong technical experience and knowledge of several cyber security technologies including firewalls, IDS/IPS, DLP, End Point Security, Data Encryption, Database Security, Web/Email Filtering vulnerability scanners, code analysis tools, etc.

nowledge of industry regulations and standards such as CIS benchmark, ISO 27001, NIST, OWASP, etc.

xperience conducting security assessments, vulnerability testing, and risk assessments.

Mandatory Certification:

ISSP

CSP or CCSE

echnical Certification ex. Cisco, Palo Alto, F5, etc.

Recommended Certification:

ISM

SSLP

EH

ecurity+

IAC Certificates

trong communication and presentation skills

trong problem-solving and analytical skills

roficient verbal and written English

ime Management skills

1. Design, Implement & maintain Cloud Security Measures for public/private Cloud Infrastructure Platforms. This includes Securing Virtual Machines, storage Systems, Networks or Cloud Resources.

Develop and maintain security baselines for all information systems and ensure regular maintenance and update of all baselines inventory bank wide.

Perform regular baseline scans or reviews as applicable to ensure compliance with the developed security baselines and follow up on mitigating the identified gaps/findings

Support the implementation of the different security projects and initiatives through defining the necessary security requirements in full alignment with the security policies and industry requirements.

Contribute to the design and implementation of security controls & technologies including but not limited to firewalls, intrusion detection/prevention systems, access controls and cryptographic mechanisms to strengthen the bank security posture

Conduct comprehensive reviews for security controls & configurations in alignment with Banks' policy, compliance & regulation mandates and industry best practices

Effectively participate in the change and release management process to ensure adequate security controls are applied before go-live

Review and approve access control requests over different technology platforms/ and network security infrastructure to ensure adequate application of the approved security policies (e.g., Firewall rules change review).

Participate in the new server provisioning process to ensure conducting the needed security checks and ensure closure of any identified gaps before production deployment.

Ensure proper management and enforcement of privileged accounts over different technology layers (Operating System, Database, Application) including account designation, and implementation of privileged access control requirements.

Review and approve privileged access related requests including but not limited to (generic accounts creation, PAM access, access to existing accounts, etc.).

Assess and provide recommendations for IT & Cyber security policy deviation requests and ensure proper tracking of the same.

Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.

 for the senior) years of proven experience in security domains

Strong knowledge of Operating Systems Principals, secure design principles, and common security vulnerabilities

as strong technical experience and knowledge of several cyber security technologies including firewalls, IDS/IPS, DLP, End Point Security, Data Encryption, Database Security, Web/Email Filtering vulnerability scanners, code analysis tools, etc.

nowledge of industry regulations and standards such as CIS benchmark, ISO 27001, NIST, OWASP, etc.

xperience conducting security assessments, vulnerability testing, and risk assessments.

Mandatory Certification:

ISSP

CSP or CCSE

echnical Certification ex. Cisco, Palo Alto, F5, etc.

Recommended Certification:

ISM

SSLP

EH

ecurity+

IAC Certificates

trong communication and presentation skills

trong problem-solving and analytical skills

roficient verbal and written English

ime Management skills

Location

Egypt Delivery Center

Deloitte Innovation Hub I Cyber Security I Technology Resilience Tech Lead, Cairo. Egypt

Connect to your career at Deloitte

Deloitte, established globally in 1845, is the world's largest and leading professional services firm, providing Audit & Assurance, Tax & Legal and Consulting and related services to public and private clients spanning multiple industries. Present in more than 150 countries, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.

Deloitte innovation hub (DIH) is a strategic initiative established by Deloitte North & South Europe (NSE) to support our ambition to become the leading business transformation partner of choice for our clients and to expand and scale our delivery footprint across EMEA. With access to a scaled, diverse, highly skilled, motivated, and engaged workforce, DIH is delivering complex technical solutions for clients' most complex business problems, across portfolios that include 'Strategy & Transactions', 'Customer', 'Engineering, AI & Data, 'Enterprise, Technology & Performance' and 'Cyber'. DIH is aiming to become the destination for top talents in Egypt for a long, exciting career.

We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.

Connect to your opportunity

Imagine guiding clients so they can keep core services running even when a cyber-attack, flood, or regional blackout strikes. At Deloitte, our Technology Resilience practice turns that vision into reality through Resilience thinking. You will help organizations decide what absolutely must survive, test the strength of their datacenters and clouds, and shape next-generation safeguards that stand up to the worst-case scenario. Your recommendations reach boardrooms, influence capital spend and protect critical national infrastructure.

Outcomes you will drive:

• Define and assess a client's Minimum Viable Company (MVC) identifying the core capabilities, systems, and dependencies required to sustain operations during disruption.
• Lead Technology Impact Analyses (TIA) to map the relationships between business services, applications, infrastructure, and third-party providers, and understand the operational consequences of their failure.
• Evaluate data centers, cloud environments, and network architecture from a resilience and recoverability perspective identifying single points of failure, weak failover strategies, or latency risks.
• Design and recommend modern resilience solutions, including immutable backups, data vaulting, tiered recovery architecture, cloud-native resilience models, and chaos engineering practices.
• Conduct resilience risk assessments across IT environments helping clients identify exposure to cyber events, operational errors, or infrastructure failure, and advising on mitigation strategies.
• Perform resilience posture assessments using Deloitte's proprietary frameworks and help clients benchmark against industry standards such as ISO 22301, DORA, NIST, and NIS2.
• Translate resilience requirements into tangible recovery capabilities such as defining Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), and testing protocols for critical services.
• Develop and implement resilience roadmaps that prioritize quick wins and long-term transformation balancing compliance, technical feasibility, and business expectations.
• Facilitate scenario-based simulations and tabletop exercises to validate readiness across business and IT stakeholders and refine response protocols based on real-world dynamics.
• Work cross-functionally with cyber, cloud, infrastructure, and risk teams to embed resilience into transformation programs, ensuring it's considered from the start not after deployment.
• Support clients in meeting regulatory expectations around operational resilience, including guidance for financial services, energy, and other critical infrastructure sectors.
• Contribute to the development of Deloitte's resilience offerings, methodologies, and tools helping to shape how we go to market and deliver impact at scale.

Connect to your skills and professional experience

You'll thrive in this role if you value collaboration over control, impact over ego, and outcomes over activity. We'll support your growth, give you the autonomy to shape your work, and the trust to drive change where it matters. If you bring your best, we'll help you do your boldest.

Essentials

These are the core capabilities and experiences needed to be successful in this role:

• Bachelor's degree in Technology related field
• Minimum 7+ years of experience in related field
• Strong understanding of technology resilience concepts, including recovery architecture, IT continuity, backup strategies, and failover design.
• Demonstrated experience conducting Technology Impact Analysis (TIA) or similar exercises to assess critical IT dependencies.
• Proven ability to evaluate data centers, hybrid/cloud infrastructure, and application landscapes through a resilience lens.
• Hands-on exposure to modern resilience solutions, such as immutable backups, cyber vaults, DR-as-a-Service (DRaaS), or cloud-native recovery approaches.
• Experience performing resilience posture assessments and advising on improvements using industry-aligned frameworks (e.g., ISO 22301, DORA, NIST, COBIT).
• Ability to translate technical risks into business impact terms and communicate recommendations clearly to non-technical stakeholders.
• Demonstrated involvement in developing or supporting resilience strategies, roadmaps, or implementation plans for enterprise clients.
• Knowledge of regulatory expectations around technology resilience, especially within sectors like financial services, energy, or government.

Desirables

These are capabilities that would add complementary value to the team, but can also be developed on the job:

• Familiarity with business continuity, crisis management, or operational resilience frameworks beyond IT-specific areas.
• Experience supporting or running tabletop exercises, technical simulations, or chaos engineering experiments.
• Knowledge of cloud resilience architectures (e.g., multi-AZ/multi-region failover, backup/restore in AWS/Azure/GCP).
• Understanding of cyber-resilience intersections, such as ransomware preparedness, zero-trust recovery, or secure-by-design principles.
• Exposure to emerging technology risk (e.g., AI model resilience, edge computing, or OT/ICS environments).
• Professional certifications such as ISO 22301 Lead Auditor/Implementer, CBCI, AWS/Azure cloud certs, or DORA/operational resilience credentials.

Connect to your business – Technology & Transformation

Distinctive thinking, deep expertise, and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest challenges around, join us. Together, we'll make an impact that matters.

Personal Independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

Connect with your colleagues

Location: Cairo, Egypt

"What attracted me to Deloitte were the endless opportunities and the collective experience of other like-minded individuals. Deloitte's clients include many of the world's largest organizations; I wanted to be part of a team that made a difference that I could be proud of." -Dan, Technology & Transformation

"Everyone always says "it's the people," and that's true. Working for a brand you feel proud of feels pretty good too. And you don't have any stress about fitting into a particular stereotype, because there are so many different types of people in Deloitte Digital." – Gillian, Technology & Transformation

Our commitment to you

Making an impact is more than just what we do: it's why we're here. So, we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.

We want you. The true you. Your own strengths, perspective, and personality. So, we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too. Because it's only when you're comfortable and at your best that you can make the kind of impact you, and we, live for.

Your expertise is our capability, so we'll make sure it never stops growing. Whether it's from the complex work you do, or the people you collaborate with, you'll learn every day. Through world-class development, you'll gain invaluable technical and personal skills. Whatever your level, you'll learn how to lead.

Connect to your next step

A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you'll experience a purpose you can believe in and an impact you can see. You'll be free to bring your true self to work every day. And you'll never stop growing, whatever your level.

Location

Egypt Delivery Center

Deloitte Innovation Hub I Cyber Security I Technology Resilience Senior Engineer, Cairo. Egypt

Connect to your career at Deloitte

Deloitte, established globally in 1845, is the world's largest and leading professional services firm, providing Audit & Assurance, Tax & Legal and Consulting and related services to public and private clients spanning multiple industries. Present in more than 150 countries, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.

Deloitte innovation hub (DIH) is a strategic initiative established by Deloitte North & South Europe (NSE) to support our ambition to become the leading business transformation partner of choice for our clients and to expand and scale our delivery footprint across EMEA. With access to a scaled, diverse, highly skilled, motivated, and engaged workforce, DIH is delivering complex technical solutions for clients' most complex business problems, across portfolios that include 'Strategy & Transactions', 'Customer', 'Engineering, AI & Data, 'Enterprise, Technology & Performance' and 'Cyber'. DIH is aiming to become the destination for top talents in Egypt for a long, exciting career.

We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.

Connect to your opportunity

Imagine guiding clients so they can keep core services running even when a cyber-attack, flood, or regional blackout strikes. At Deloitte, our Technology Resilience practice turns that vision into reality through Resilience thinking. You will help organizations decide what absolutely must survive, test the strength of their datacenters and clouds, and shape next-generation safeguards that stand up to the worst-case scenario. Your recommendations reach boardrooms, influence capital spend and protect critical national infrastructure.

Outcomes you will drive:

• Define and assess a client's Minimum Viable Company (MVC) identifying the core capabilities, systems, and dependencies required to sustain operations during disruption.
• Lead Technology Impact Analyses (TIA) to map the relationships between business services, applications, infrastructure, and third-party providers, and understand the operational consequences of their failure.
• Evaluate data centers, cloud environments, and network architecture from a resilience and recoverability perspective identifying single points of failure, weak failover strategies, or latency risks.
• Design and recommend modern resilience solutions, including immutable backups, data vaulting, tiered recovery architecture, cloud-native resilience models, and chaos engineering practices.
• Conduct resilience risk assessments across IT environments helping clients identify exposure to cyber events, operational errors, or infrastructure failure, and advising on mitigation strategies.
• Perform resilience posture assessments using Deloitte's proprietary frameworks and help clients benchmark against industry standards such as ISO 22301, DORA, NIST, and NIS2.
• Translate resilience requirements into tangible recovery capabilities such as defining Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), and testing protocols for critical services.
• Develop and implement resilience roadmaps that prioritize quick wins and long-term transformation balancing compliance, technical feasibility, and business expectations.
• Facilitate scenario-based simulations and tabletop exercises to validate readiness across business and IT stakeholders and refine response protocols based on real-world dynamics.
• Work cross-functionally with cyber, cloud, infrastructure, and risk teams to embed resilience into transformation programs, ensuring it's considered from the start not after deployment.
• Support clients in meeting regulatory expectations around operational resilience, including guidance for financial services, energy, and other critical infrastructure sectors.
• Contribute to the development of Deloitte's resilience offerings, methodologies, and tools helping to shape how we go to market and deliver impact at scale.

Connect to your skills and professional experience

You'll thrive in this role if you value collaboration over control, impact over ego, and outcomes over activity. We'll support your growth, give you the autonomy to shape your work, and the trust to drive change where it matters. If you bring your best, we'll help you do your boldest.

Essentials

These are the core capabilities and experiences needed to be successful in this role:

• Bachelor's degree in Technology related field
• Minimum 3+ years of experience in related field
• Strong understanding of technology resilience concepts, including recovery architecture, IT continuity, backup strategies, and failover design.
• Demonstrated experience conducting Technology Impact Analysis (TIA) or similar exercises to assess critical IT dependencies.
• Proven ability to evaluate data centers, hybrid/cloud infrastructure, and application landscapes through a resilience lens.
• Hands-on exposure to modern resilience solutions, such as immutable backups, cyber vaults, DR-as-a-Service (DRaaS), or cloud-native recovery approaches.
• Experience performing resilience posture assessments and advising on improvements using industry-aligned frameworks (e.g., ISO 22301, DORA, NIST, COBIT).
• Ability to translate technical risks into business impact terms and communicate recommendations clearly to non-technical stakeholders.
• Demonstrated involvement in developing or supporting resilience strategies, roadmaps, or implementation plans for enterprise clients.
• Knowledge of regulatory expectations around technology resilience, especially within sectors like financial services, energy, or government.

Desirables

These are capabilities that would add complementary value to the team, but can also be developed on the job:

• Familiarity with business continuity, crisis management, or operational resilience frameworks beyond IT-specific areas.
• Experience supporting or running tabletop exercises, technical simulations, or chaos engineering experiments.
• Knowledge of cloud resilience architectures (e.g., multi-AZ/multi-region failover, backup/restore in AWS/Azure/GCP).
• Understanding of cyber-resilience intersections, such as ransomware preparedness, zero-trust recovery, or secure-by-design principles.
• Exposure to emerging technology risk (e.g., AI model resilience, edge computing, or OT/ICS environments).
• Professional certifications such as ISO 22301 Lead Auditor/Implementer, CBCI, AWS/Azure cloud certs, or DORA/operational resilience credentials.

Connect to your business – Technology & Transformation

Distinctive thinking, deep expertise, and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest challenges around, join us. Together, we'll make an impact that matters.

Personal Independence

Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.

Connect with your colleagues

Location: Cairo, Egypt

"What attracted me to Deloitte were the endless opportunities and the collective experience of other like-minded individuals. Deloitte's clients include many of the world's largest organizations; I wanted to be part of a team that made a difference that I could be proud of." -Dan, Technology & Transformation

"Everyone always says "it's the people," and that's true. Working for a brand you feel proud of feels pretty good too. And you don't have any stress about fitting into a particular stereotype, because there are so many different types of people in Deloitte Digital." – Gillian, Technology & Transformation

Our commitment to you

Making an impact is more than just what we do: it's why we're here. So, we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.

We want you. The true you. Your own strengths, perspective, and personality. So, we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too. Because it's only when you're comfortable and at your best that you can make the kind of impact you, and we, live for.

Your expertise is our capability, so we'll make sure it never stops growing. Whether it's from the complex work you do, or the people you collaborate with, you'll learn every day. Through world-class development, you'll gain invaluable technical and personal skills. Whatever your level, you'll learn how to lead.

Connect to your next step

A career at Deloitte is an opportunity to develop in any direction you choose. Join us and you'll experience a purpose you can believe in and an impact you can see. You'll be free to bring your true self to work every day. And you'll never stop growing, whatever your level.

Requirements:

• Bachelor's degree in Computer Engineering, Information Technology, or related field.

• 1–2 years of relevant experience in Information Security operations.

• Knowledge of networking, operating systems (Windows/Linux).

• Certifications such as CCNA, MCSA, or Linux are a plus.

• Good understanding of firewalls and endpoint security solutions.

• Strong problem-solving and analytical skills.

• Applicants must be residents of Alexandria.

Job Duties:

• Implement and monitor security measures to protect computer systems, networks, and information.

• Identify and define system security requirements.

• Design security architecture and develop detailed cybersecurity designs.

• Manage and troubleshoot firewalls, endpoint security, and related security tools.

• Respond to and investigate security incidents.

If you are interested, kindly send your updated CV to with email subject Information Security Engineer

About Us

We're a growing
fintech startup
reimagining secure financial systems. Security is not a department — it's a culture. We're looking for an engineer who thrives at the intersection of
development, operations, and security
— someone eager to help us
shift security left
and embed it into our
SDLC
.

About the Role

As a
Security Software Engineer
, you will play a key role in securing our systems from design to deployment. You will work closely with engineers, DevOps, and product teams to
integrate security practices
, ensure
cloud and infrastructure safety
, and support
compliance initiatives
like ISO or PCI DSS.

What You'll Do

• Embed security throughout the
  software development lifecycle (SDLC)
• Build and maintain
  security tools
  , scripts, and automations
• Integrate security controls into CI/CD pipelines
• Conduct threat modelling, secure code reviews, and vulnerability assessments
• Monitor and respond to incidents using
  SOC tools
  (e.g., Wazuh, Suricata, OSSIM)
• Support and enforce
  cloud security best practices
  (AWS/Azure)
• Collaborate with engineers to
  raise security awareness
  and fix vulnerabilities
• Participate in and contribute to
  ISO 27001, PCI DSS
  , and similar processes
• Document security standards and provide internal training

What We're Looking For

• 3+ years in
  security engineering
  , DevSecOps, or a similar role
• Strong familiarity with
  SDLC security practices and shift-left approach
• Experience with one or more
  programming/scripting languages
  (C#, Python, Bash, etc.)
• Experience working with
  Agile and XP teams
• Hands-on experience with
  SOC tools
  , SIEM, and log correlation
• Good grasp of
  cloud security (IAM, encryption, networking)
• Familiar with
  DevOps tooling
  (CI/CD, Docker, IaC, etc.)
• Solid foundation in
  networking protocols, firewalls, VPNs
• Competence with
  Git-based workflows
• Contributed to or maintained parts of
  ISO 27001, PCI DSS
  , or SOC2 programs

Nice to Have

• Certifications:
  Security+
  ,
  CISSP
  ,
  OSCP
  ,
  CEH
  , or cloud security credentials
• Experience with
  threat intelligence
  ,
  attack simulation tools
  , or
  bug bounty triage
• Exposure to
  Zero Trust architectures
• Familiarity with tools like
  Trivy, Checkov, Snyk, Owasp ZAP
• Experience in
  incident response and postmortems

Why Join Us?

• Flexible hours, outcome-based work
• Culture of transparency, agility, and collaboration
• Work with a team that values
  security as code
• High-impact role in shaping secure fintech systems
• A strong platform for
  growth, innovation, and leadership

Job No:

Location: Egypt

Role Profile:

The GRC Lead – Privacy, Risk & Access Management will play a pivotal role in strengthening Alshaya Group's governance, risk, and compliance posture with a core focus on data privacy, enterprise risk management, and identity & access governance. This role will also lead and support cross-functional security projects such as SSO integration and user access reviews, ensuring secure, compliant, and business-aligned identity practices across the enterprise.

The Below Key Performance Areas include but are not limited to:

 Develop and implement privacy and data protection policies aligned with GDPR, KVKK, PDPL, and other regional regulations.

Conduct DPIAs, PIAs, and privacy risk assessments to ensure responsible data handling.

anage enterprise risk through a structured Risk Management Framework and maintain the Enterprise Risk Register.

efine and enforce IAM policies including RBAC, SoD, and user access reviews.

ead or support IAM initiatives such as SSO integrations, PAM implementations, and access certification campaigns.

lign GRC and IAM practices with standards like ISO 27001, NIST, PCI DSS, and SOX.

acilitate internal and external audits, assessments, and third-party reviews.

versee GRC tools and privacy platforms (e.g., Archer, OneTrust, ServiceNow GRC).

rive cross-functional projects including policy harmonization and audit remediation.

repare executive-level reports and dashboards for governance and compliance oversight.

ct as a liaison for privacy, risk, and IAM discussions across departments.

romote GRC awareness and training across the organization.

Knowledge:

trong understanding of global privacy regulations (e.g., GDPR, KVKK, PDPL) and data protection principles.

n-depth knowledge of enterprise risk management frameworks and risk assessment methodologies.

amiliarity with IAM concepts including RBAC, SoD, SSO, PAM, and identity lifecycle management.

xperience with compliance standards such as ISO 27001, NIST, PCI DSS, and SOX.

roficiency in using GRC and privacy management tools (e.g., Archer, OneTrust, ServiceNow GRC).

bility to lead cross-functional projects and integrate GRC, IAM, and privacy workflows.

trong stakeholder engagement and communication skills for executive and cross-departmental collaboration.

nalytical skills for conducting DPIAs, PIAs, and interpreting KRIs and audit findings.

nowledge of authentication protocols (e.g., SAML, OIDC) and identity governance best practices.

xperience in managing DSARs, breach responses, and audit readiness activities.

Experience:

-7 years experience in Information Security Domain

achelor's degree in Information Security, Computer Science, Risk Management, or related field. Master's degree or MBA is a plus.

IPP/E, CIPM, or other IAPP certifications; CRISC, CISA, or ISO 27001 Lead Implementer; Identity and Access certifications such as Azure, Okta, or SailPoint; ITIL or PMP for project management is a plus.

Skills:
br>
Strong understanding of IAM principles, SSO protocols (SAML, OIDC), and identity lifecycle.

nowledge of privacy regulations and enterprise risk frameworks.

xcellent stakeholder management, communication, and cross-functional collaboration skills.

roficient in GRC tools , Privacy Tools & Access management platforms.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025

About Us
NowPay (YC W21) is a FinTech startup building a financial-wellness platform for employees in emerging markets. Saving, spending, budgeting and borrowing. Those are the 4 pillars of financial-wellness. NowPay aims to improve every aspect of those for employees by building products that tackle every vertical.

NowPay enables employees to get their salaries in advance at any point in time during the month and also pay their bills instantly. NowPay is backed by YCombinator, 500 Startups, BECO Capital, Global Ventures, Endure, Plug and Play, MSA Capital, 4dx, Foundation Ventures, EFG and Beltone.

Job Description
Role Summary:
We are seeking a skilled and proactive Information Security Engineer to lead and scale NowPay's cybersecurity posture. This role is critical to securing sensitive employee financial data, ensuring the integrity of salary disbursement systems, and supporting regulatory compliance (e.g. local regulators, PCI-DSS, and GDPR). The successful candidate will be responsible for designing and enforcing best-in-class security practices across our platforms, cloud infrastructure, and internal processes.

Key Responsibilities
Security Strategy & Architecture

• Define and continuously improve NowPay's information security strategy, policies, and controls across all layers (cloud, app, infrastructure).
• Lead threat modeling and risk assessment activities for new and existing systems.
• Ensure secure design of new fin-tech products including salary advance, BNPL, and bill payment services.

Vulnerability Management & Monitoring

• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Monitor and respond to security incidents, collaborating with engineering and DevOps teams for resolution.
• Maintain and enhance audit logging, intrusion detection, and alerting systems.

Cloud & Application Security

• Implement secure configurations and hardening of AWS infrastructure (IAM, EC2, S3, RDS, etc.).
• Ensure secure code practices via CI/CD pipelines, code reviews, and dependency scanning (GitHub, Jira).
• Support the engineering team with encryption, tokenization, and data integrity mechanisms.

Compliance & Risk

• Support compliance with relevant regulatory frameworks (local regulators, PCI-DSS, ISO
• Manage security documentation, audits, and incident response playbooks.
• Collaborate with legal and compliance teams on security requirements for licensing or audits.

Employee Security Enablement

• Lead security awareness training for employees (e.g., phishing, password hygiene, secure device usage).
• Manage identity and access management (IAM), two-factor authentication, and role-based access controls.

Requirements

• 3+ years of experience in information security, preferably in fin-tech, banking, or SaaS environments.
• Hands-on experience with cloud/on-site security.
• Familiarity with regulatory and compliance standards: local regulators, GDPR, PCI-DSS, ISO 27001.
• Proficient in tools such as Metabase, GitHub, Jira, SIEMs, firewalls, and endpoint protection systems.
• Strong knowledge of OWASP Top 10, encryption protocols, and authentication systems.
• Bachelor's degree in Computer Science, Information Security, or related fields.

Benefits

• Medical insurance coverage
• Social insurance
• Salary advance

check(event) ; career-website-detail-template-2 => ,meta)" mousedown="lyte-button => check(event)" final- final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

Job No:

Location: Egypt

Role Profile:

The GRC Admin will be responsible in implementing, interpreting, and ensuring compliance with information security policies. Assess and prioritize cybersecurity risks, supporting regulatory compliance, and report security metrics, maintaining governance standards, conducting risk assessments for internal systems and third-party vendors, enforcing security policies, and advising leadership on risk strategies such as mitigation, reduction, transfer, exception handling, and residual risk analysis.

The Below Key Performance Areas include but are not limited to:

 Implement a data security & privacy risk reporting framework aligned with ISO standards.

Design and document controls to ensure compliance with regulatory and internal requirements.

acilitate remediation of control gaps and escalate critical issues to leadership.

anage exception review processes and ensure periodic documentation and review.

repare for and support regulatory examinations such as PCI DSS.

ollaborate with auditors and control owners to ensure timely completion of requests.

onitor and analyze information security metrics to evaluate program effectiveness.

onduct risk assessments to identify vulnerabilities in systems and third-party products.

ecommend and implement controls to mitigate identified security risks.

ommunicate risk findings and actionable recommendations to stakeholders.

upport workforce security initiatives including awareness and training programs.

acilitate eDiscovery and data collection for investigations of policy violations.

nalyze security incidents and coordinate remediation and awareness efforts.

ontribute to the development and lifecycle management of security policies and procedures.

ollaborate across the organization to implement and enforce security policies.

Knowledge:

nderstanding of ISO standards and frameworks for information security risk reporting.

nowledge of designing and implementing technical, administrative, and physical security controls.

amiliarity with regulatory compliance requirements (e.g., GDPR, PCI DSS) and audit processes.

xperience in managing exception handling processes and compliance documentation.

bility to evaluate and improve the effectiveness of information security programs using metrics.

roficiency in conducting and documenting information security risk assessments.

nowledge of risk mitigation strategies and control implementation.

trong communication skills to convey risk findings and recommendations to stakeholders.

wareness of workforce security practices, including training and awareness programs.

xperience with eDiscovery processes and handling policy violation investigations.

nalytical skills for incident analysis and coordination of remediation efforts.

nderstanding of policy development, lifecycle management, and enforcement.

bility to collaborate across departments to implement security policies effectively.

Experience:

years experience in Information Security Domain

raduation Degree/BTech, Computer Science

ecurity +, Networking, certifications is added advantage.

Skills:
br>
Strong knowledge of information security governance, risk assessment, and compliance frameworks (e.g., GDPR, PCI DSS).

bility to develop, implement, and manage security policies, controls, and awareness programs.

roficiency in conducting risk assessments and analysing security metrics to support decision-making.

xcellent communication and collaboration skills for working with leadership, auditors, and cross-functional teams.

Advertised: 10 Sep 2025

Application close: 11 Oct 2025