EGPAF, on behalf of The Ministry of Health (MoH), is looking for a skilled Information Security and Compliance Specialist to help drive our commitment to information security and regulatory compliance. This role will focus on designing, implementing, and maintaining security controls aligned with ISO 27001 standards to support our Information Security Management System (ISMS). The role will be responsible for evaluating security risks, performing compliance assessments, and collaborating with cross-functional teams to ensure the effectiveness of our information security framework. The ideal candidate will have a strong background in information security, risk management, and familiarity with ISO 27001 controls.
Key Responsibilities
- ISMS Implementation & Maintenance
- Develop, implement, and maintain the ISMS in alignment with ISO 27001 standards.
- Assist in establishing, documenting, and maintaining security policies, procedures, and standards for MoH.
- Conduct regular ISMS reviews to ensure alignment with MoH needs and regulatory requirements.
- Facilitate the ongoing ISO 27001 certification process, including preparation for internal and external audits.
- Risk Assessment & Management
- Identify, assess, and prioritize information security risks, recommending controls to mitigate them in line with ISO 27001.
- Perform periodic risk assessments and work closely with business units to remediate identified risks.
- Support risk treatment processes and track the status of remediation efforts.
- Compliance and Audit Management
- Collaborate with various stakeholders to ensure compliance with regulatory requirements (e.g. Data Protection Act, ISO 27001).
- Coordinate internal audits and collaborate with external auditors to support ISO 27001 certification and compliance efforts.
- Maintain a clear record of audit findings, corrective actions, and risk treatment plans.
- Security Awareness and Training
- Develop and deliver security awareness training programs to build an information security culture.
- Provide guidance and training to employees on security policies, procedures, and compliance responsibilities.
- Incident Response & Management
- Support the incident response process by identifying, reporting, and remediating security incidents as part of the ISMS.
- Conduct post-incident reviews and support continuous improvement efforts within the incident management process.
- Documentation and Reporting
- Maintain accurate documentation of security policies, standards, and ISMS processes to meet ISO 27001 requirements.
- Generate periodic reports on ISMS performance, risk status, and compliance to inform leadership and support decision-making.
- Apply the Plan-Do-Check-Act (PDCA) cycle to improve the effectiveness of the ISMS.
- Stay updated on emerging technologies and security trends, recommending enhancements to improve organizational security posture.
Qualifications:
- Education: Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
- Experience: 3 years of experience in information security, compliance, or risk management, preferably with experience in ISO 27001.
- Certifications: ISO 27001 Lead Implementer or Lead Auditor, CISSP, CISM, or equivalent is highly desirable.
- Strong understanding of ISO 27001, including the ISMS framework and certification process.
- Knowledge of risk management and compliance frameworks (e.g. NIST CSF, PCI DSS, GDPR).
- Experience with security tools such as SIEM, vulnerability management, and identity and access management.
Additional Information:
Skills and Competencies
Analytical & Problem-Solving Skills:
- Ability to assess complex security risks and design effective solutions.
- Strong attention to detail and an analytical approach to identifying potential compliance gaps and risk areas.
- Excellent written and verbal communication skills, with the ability to clearly articulate security concepts and compliance requirements to stakeholders.
- Experience in managing projects or working within project frameworks (e.g. PRINCE2, Agile) is an advantage.
As a global, multinational, and multicultural organization, EGPAF believes that diversity in the workplace enriches our work and enhances our impact and effectiveness. We believe that employees have the right to work in a climate of mutual respect and integrity that promotes dignity and respect for all and that enables them to reach their full potential. EGPAF is an equal opportunity employer and affords equal opportunity to all employees and applicants for employment regardless of race/ethnicity, color, religion, sex (including pregnancy, gender identity, gender expression, and sexual orientation), national origin, age, disability, or genetics. In addition to country law requirements, EGPAF complies with US laws governing non-discrimination in employment in every location in which the Foundation has facilities.
The Foundation does not charge any fees at any stage of the recruitment process. If you are asked to pay a fee, please contact our hotline by phone (US: dial toll free; all other countries: collect) or online ().
Remote Work:
No
Employment Type:
Contract