Chief Information Security Officer

Client of Ethics HR

Define and execute the bank s enterprise information security strategy in alignment with the business and regulatory requirements.

• Establish security governance frameworks, policies, and standards across all technology and business functions.
• Oversee cybersecurity programs including threat detection, incident response, vulnerability management, and security operations.
• Lead enterprise-wide technology risk management, ensuring effective identification, assessment, and mitigation of risks.
• Ensure full compliance with Central Bank of Egypt cybersecurity mandates, digital banking requirements, and data protection regulations.
• Develop and manage the Cloud Security Architecture (e.g., AWS, Azure) strategy, ensuring secure configuration and compliance for all digital infrastructure.
• Establish Security Metrics and Key Risk Indicators (KRIs) for regular reporting to the Board and Executive Committee, demonstrating the effectiveness of the security program.
• Implement and govern API Security standards and best practices to protect data exchange within the digital ecosystem and external partners.
• Formally manage and sign off on outsourcing security agreements (third-party risk) to meet specific CBE requirements for external service providers
• Coordinate internal and external audits, penetration tests, and security assessments.
• Guide secure design and implementation of digital platforms, applications, and infrastructure.
• Implement strong access controls, encryption standards, and secure development practices across all systems.
• Oversee incident response planning, threat escalation procedures, and crisis management protocols.
• Support development of business continuity and disaster recovery capabilities.
• Manage cybersecurity risks associated with vendors, partners, outsourcing arrangements, and cloud-based services.
• Ensure third-party systems meet the bank s security and resilience standards.
• Promote strong security culture through awareness initiatives, training programs, and senior leadership engagement.
• Ensure employees understand their responsibilities in maintaining cybersecurity.
• Lead security teams across cyber operations, security engineering, GRC, an identity management.
• Advice the CEO, CTOO/CIO, CRO, and Board committees on security posture, emerging threats, and risk mitigation actions.