Information Security Manager

Job Purpose

The Information Security Manager – Egypt establishes, maintains, and continuously improves the information security and cybersecurity posture of PayTabs' Egyptian operations. The role exists for two complementary reasons:

1. Regulatory necessity — to provide a designated, locally accountable security function that satisfies Central Bank of Egypt (CBE) cybersecurity and payment-sector oversight expectations, including local incident notification, reporting, and inspection readiness.
2. Departmental support to the Group — to act as the local execution and assurance layer for the Group Information Security function, extending the reach of the Group Information Security Manager into the Egyptian entity by implementing Group policies, evidencing controls, managing local risk, and reporting upward.

Key Responsibilitie

sRegulatory & Compliance (Egypt focus

• )Own cybersecurity regulatory compliance for PayTabs Egypt and ensure adherence to CBE cybersecurity regulation s and the security/governance obligations applicable to payment service providers and payment system operators under the Central Bank and Banking System Law (Law No. 194 of 2020 ) and related CBE instructions
• .Maintain compliance with the Egyptian Personal Data Protection Law (Law No. 151 of 2020 ) in coordination with the Group privacy/DPO function
• .Prepare, maintain, and submit regulatory notifications and periodic reports to the CBE, including cyber incident notifications within mandated timeline s
• .Coordinate and support CBE inspections, on-site reviews, external audits, and regulatory examinations managing evidence collection, response, and remediation tracking
• .Maintain a current mapping of local controls to CBE requirements and reconcile them against Group frameworks (ISO 27001, PCI DS S)

.Governance, Policy & Standard

• sLocalize and implement Group information security policies, procedures, and standards for the Egyptian entity, adapting them to Egyptian regulatory and legal requirements where needed
• .Maintain the local control documentation set (policies, procedures, standards, registers) with proper version control and governance approval
• .Provide local input, papers, and reporting to the Cyber Security Committee

.Risk Managemen

• tIdentify, assess, and track information security and cyber risks specific to the Egyptian operation; maintain the local risk registe r and feed into the Group risk process (ISO 31000-aligne d)
• .Track Key Risk Indicators (KRIs ) and residual risk for local assets and processes
• .Conduct and support third-party / supply chain security assessments for Egyptian vendors and service providers

.Security Operations & Technical Assuranc

• eOversee local implementation of technical and operational controls (identity and access management, vulnerability management, logging and monitoring, network and endpoint security) in coordination with IT and Group security
• .Coordinate vulnerability scanning, penetration testing, and remediation for in-scope Egyptian systems
• .Support PCI DS S scope maintenance, evidence collection, and assessment activities for the Egyptian environment

.Incident Managemen

• tAct as local incident coordinator; ensure cyber incidents are detected, triaged, escalated, and reported in line with the Group incident procedure an d CBE notification requirements
• .Maintain local incident records, lead or contribute to post-incident reviews, and track corrective actions to closure

.Awareness & Cultur

• eDeliver the Group security awareness program locally training, phishing simulations, and role-based awareness adapted to the Arabic/English needs of Egyptian staff

.Reporting & Support to the GIS

• MProvide regular, structured reporting to the Group Information Security Manager on local compliance status, risk posture, incidents, KRIs, and remediation progress
• .Support Group-wide initiatives, audits, and certifications as they apply to Egypt
• .Liaise with local IT, business, legal, HR, and internal audit functions on behalf of the security function

.
Required Qualifications & Experien

• ceBachelor’s degree in computer science, Information Technology, Information Security, or a related fiel
• d.7+ yea rs of information security experience, wit h 3+ yea rs in a financial services, fintech, payments, or otherwise regulated environmen
• t.Demonstrable knowledge o f CBE cybersecurity regulatory requiremen ts and the Egyptian payments/banking regulatory landscap
• e.Working knowledge o f PCI DSS, ISO 27001, and ISO 310 0
• 0.Familiarity wit h Egypt Data Protection Law 151/20 2
• 0.Experience supporting regulatory inspections and external audit

s.
Certifications (Preferr

• ed)ISO 27001 Lead Implementer / Lead Audit
• or.CISSP, CISM, or CRI
• SC.A PCI-related qualification is an advanta

ge.
Skills & Competen

• ciesStrong grasp of regulatory compliance and audit management in a financial/payments cont
• ext.Risk assessment and GRC capabil
• ity.Technical breadth across core security doma
• ins.Excellent stakeholder management; able to operate effectively as a lean/sole local security resou
• rce.Fluent Arabic and Eng lish essential for regulator liaison and staff communicat
• ion.Strong documentation, evidence-management, and reporting ski

lls.