Information Security Governance Analyst

Company: MCV INDUSTRY (Egypt)

Job Purpose:

Support the implementation, monitoring, and continuous improvement of MCV’s information security governance, risk management, and compliance program. This role contributes directly to maintaining ISO 27001:2022 certification, supporting surveillance and external audits, driving KPI/KRI reporting, and enabling the maturity and scalability of GRC processes.

Job Duties and Responsibilities:

  • Support the development, implementation, and enhancement of the Information Security Management System (ISMS) in line with ISO 27001:2022
  • Assist in maintaining GRC policies, procedures, and standards aligned with regulatory and business requirements
  • Gather and report on security-related KPIs and KRIs to monitor control effectiveness and program health
  • Participate in risk assessments, maintain the risk register, and support mitigation tracking
  • Contribute to internal and external audit readiness, including ISO surveillance visits
  • Collaborate with internal stakeholders to promote security awareness and compliance culture
  • Support the implementation and use of GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust)
  • Engage with ongoing projects to support secure development practices, compliance checks, and risk registers
  • Prepare documentation and participate in quarterly ISMS and GRC reporting cycles
  • Operate under the direction of the GRC Manager with a focus on execution and coordination, not strategic program ownership

Job Skills and Abilities:

  • Basic understanding of ISO 27001 and risk frameworks
  • Awareness of data protection laws
  • Familiarity with risk management processes
  • Clear communication and cross-functional collaboration
  • Analytical and documentation skills
  • Process-focused, detail-oriented mindset
  • Ability to coordinate across departments on compliance topics
  • Ability to manage multiple assignments under supervision
  • Ability to collect and maintain reliable compliance data

Qualifications:

  • Bachelor’s degree in computer science engineering
  • 2–6 years of experience in information security, risk management, or GRC roles
  • Exposure to ISO 27001
  • Experience with GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust) is a plus
  • Certifications preferred: ISO/IEC 27001 Foundation or Implementer, CompTIA Security+, CISA, CRISC
