InfoSec Compliance & Assurance Lead - Banking

Location: Cairo, Egypt (100% On-Premise)

Contract Duration: 6 Months (Extendable)

Employment Type: Contract

About us:

Where elite tech talent meets world-class opportunities!

At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today’s most complex challenges.

About the Client:

Join one of Egypt’s premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery.

Job Summary:

This role exists to accelerate the information security compliance posture across IT and Digital Transformation. The specialist acts as the InfoSec function's technical compliance arm—tracking, evidencing, and reporting on remediation progress against CBE Cybersecurity Framework requirements, PCI DSS obligations, and internal control commitments. The role also leads and executes assurance exercises, either directly or by scoping and managing third-party security assessment engagements.

Key Responsibilities:

A. IT & Digital Transformation Compliance Follow-Up

• Maintain a live compliance tracker across all active CBE Cybersecurity Framework control domains (IAM,

PAM, GRC, Container Security, and others).

• Conduct regular technical walk-throughs with IT and Digital Transformation teams to validate

implementation status and close evidence gaps.

• Escalate risks and blockers to the Head of GRC and CISO with clear risk-quantified language suitable for

Risk Committee reporting.

• Map remediation actions to OKR key results and track delivery against agreed timelines.
• Prepare compliance status reports in a format suitable for senior management and regulatory audiences.

B. PCI DSS Engagement Lead

• Own the end-to-end PCI DSS engagement cycle — scoping, gap assessment, remediation tracking, QSA

coordination, and Report on Compliance (RoC) or Self-Assessment Questionnaire (SAQ) readiness.

• Coordinate across IT, Operations, and Digital to ensure cardholder data environment (CDE) controls are

implemented, evidenced, and maintained.

• Manage the relationship with the appointed Qualified Security Assessor (QSA) and act as the internal

point of contact throughout the assessment cycle.

• Drive closure of PCI DSS findings and build a compensating controls register where technical controls are

not yet feasible.

• Maintain PCI DSS documentation library including network diagrams, data flow diagrams, asset inventory,

and policies relevant to the CDE.

C. InfoSec Assurance Exercises

• Plan and execute assurance activities including control testing, configuration reviews, access reviews,

and policy compliance spot checks.

• Scope, procure, and manage third-party security assessment vendors where specialized assessment

capability is required (e.g., penetration testing, red team exercises, cloud security reviews).

• Produce clear assurance reports with risk-rated findings, business impact statements, and prioritized

remediation recommendations.

• Track finding remediation to closure and validate effectiveness of corrective actions.
• Coordinate with the InfoSec Control Validation Manager to align assurance outputs with

broader control validation programme.

Requirements

• 
  Minimum 7 years of information security experience, with at least 3 years in a banking or financial

institution.

• Hands-on PCI DSS experience — must have participated in or led at least one full RoC or SAQ-D

assessment cycle.

• Deep knowledge of CBE Cybersecurity Framework requirements and Egyptian regulatory context.
• Experience conducting technical compliance gap assessments across IT infrastructure, network, and

application layers.

• Strong written and verbal communication skills in both Arabic and English.

Preferred Certifications

• CISA — Certified Information Systems Auditor
• PCIP or PCI ISA — PCI Internal Security Assessor
• ISO 27001 Lead Auditor
• CISM — Certified Information Security Manager

Preferred Experience

• Prior experience in an Egyptian bank or financial institution operating under CBE oversight.
• Familiarity with GRC tooling (RSA Archer, ServiceNow GRC, or equivalent).
• Experience working with external auditors, QSAs, and regulators.

Benefits

• Attractive, market-leading salary package
• Clear career advancement path with professional development opportunities