Information and Technology Security Management Manager

Reports to: Chief Information Security and Risk Officer

Purpose: This job role is to assess and ensure that information and technology processes, solutions and systems to ensure their adequacy from confidentiality, integrity and availability perspectives. This role will lead the contracts, software and hardware risk assessment on the design phase and after go live as well. This role is responsible for finding gaps and vulnerabilities and assign proper owners to remediate them. This position will report the information and technology risk status to management to ensure proper governance.

Responsibilities:

• Build plans to assess information and technology risks quantitatively and qualitatively
• Conduct Information and technology related risk assessments using different methodologies
• Evaluate new/current information solutions, processes and systems “hardware and software” design from the information and technology risk perspective
• Design and architect information and technology risk controls across campus
• Build risk heat map reports for information and risk controls effectiveness and efficiency
• Assess and update risk management frameworks and methodologies
• Monitor risk management practices to ensure alignment with the desired enterprise risk profile
• Report relevant information and technology risk management status to management
• Performs controls testing for high-risk areas to identify risk issues and tracks remediation efforts
• Draft and update maturity assessments based on relevant frameworks
• Lead the team in finding gaps and vulnerabilities in systems and processes
• Lead the activity of assessing web, software, and code risk adequacy
• Monitor, deploy and design compliance controls from Information and technology risk perspectives’
• Recommend security architecture best practices
• Lead change advisory board/CAB activities for approving IT changes from information security perspective
• Review information and technology related legal contracts and cloud terms across campus to ensure its adequacy
• Assign risk findings to their relevant business owners
• Follow up on risk findings resolution whether by mitigation, acceptance, avoidance, or transfer
• Deliver information security awareness sessions to the community
• Handle any other assigned tasks as needed

Requirements:

• Minimum Education Requirement:  
•  BSc in computer engineering or computer science or technology related degree.
• Experience:
• 10 years of experience, at least two years of experience in the risk assessment field with international exposure

Skills:

• Experience in building and maintaining
• Familiarity with international standards including implementation experience
• Excellent organizational skills
• Excellent interpersonal and customer communications skills with ability to motivate and influence management and other staff members to maintain an overall business Resilience/continuity capability that will satisfy the business needs
• Ability to perform multiple tasks simultaneously
• High level of English
• Demonstrated knowledge and skill in the industry
• International certifications related to the field
• Comfortable dealing with individuals at all levels of the company
• Must have a self-starting, driven, assertive, and positive attitude
• Demonstrates effective problem-solving skills
• Ability to exercise independent discretion and judgment
• Excellent attention to detail
• Good presentation and documentation skills
• Ability to perform in stressful situations

The position is open until July 18, 2021

Placement is based on the candidate’s experience and skills. Only candidates who make it to the short list will be contacted.

“We thank all individuals who have expressed interest in working at The American University in Cairo.”