# InfoSec Compliance & Assurance Lead - Banking > Xenon7 · New Cairo City, Egypt · Contract · Posted 2026-06-03 **Workplace:** on_site ## Description **Location:** Cairo, Egypt (100% On-Premise) **Contract Duration:** 6 Months (Extendable) **Employment Type:** Contract **About us:** Where elite tech talent meets world-class opportunities! At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today’s most complex challenges. ### About the Client: Join one of Egypt’s premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery. ### Job Summary: This role exists to accelerate the information security compliance posture across IT and Digital Transformation. The specialist acts as the InfoSec function's technical compliance arm—tracking, evidencing, and reporting on remediation progress against CBE Cybersecurity Framework requirements, PCI DSS obligations, and internal control commitments. The role also leads and executes assurance exercises, either directly or by scoping and managing third-party security assessment engagements. ### Key Responsibilities: **A. IT & Digital Transformation Compliance Follow-Up** • Maintain a live compliance tracker across all active CBE Cybersecurity Framework control domains (IAM, PAM, GRC, Container Security, and others). • Conduct regular technical walk-throughs with IT and Digital Transformation teams to validate implementation status and close evidence gaps. • Escalate risks and blockers to the Head of GRC and CISO with clear risk-quantified language suitable for Risk Committee reporting. • Map remediation actions to OKR key results and track delivery against agreed timelines. • Prepare compliance status reports in a format suitable for senior management and regulatory audiences. **B. PCI DSS Engagement Lead** • Own the end-to-end PCI DSS engagement cycle — scoping, gap assessment, remediation tracking, QSA coordination, and Report on Compliance (RoC) or Self-Assessment Questionnaire (SAQ) readiness. • Coordinate across IT, Operations, and Digital to ensure cardholder data environment (CDE) controls are implemented, evidenced, and maintained. • Manage the relationship with the appointed Qualified Security Assessor (QSA) and act as the internal point of contact throughout the assessment cycle. • Drive closure of PCI DSS findings and build a compensating controls register where technical controls are not yet feasible. • Maintain PCI DSS documentation library including network diagrams, data flow diagrams, asset inventory, and policies relevant to the CDE. **C. InfoSec Assurance Exercises** • Plan and execute assurance activities including control testing, configuration reviews, access reviews, and policy compliance spot checks. • Scope, procure, and manage third-party security assessment vendors where specialized assessment capability is required (e.g., penetration testing, red team exercises, cloud security reviews). • Produce clear assurance reports with risk-rated findings, business impact statements, and prioritized remediation recommendations. • Track finding remediation to closure and validate effectiveness of corrective actions. • Coordinate with the InfoSec Control Validation Manager to align assurance outputs with broader control validation programme. ## Requirements • Minimum 7 years of information security experience, with at least 3 years in a banking or financial institution. • Hands-on PCI DSS experience — must have participated in or led at least one full RoC or SAQ-D assessment cycle. • Deep knowledge of CBE Cybersecurity Framework requirements and Egyptian regulatory context. • Experience conducting technical compliance gap assessments across IT infrastructure, network, and application layers. • Strong written and verbal communication skills in both Arabic and English. **Preferred Certifications** • CISA — Certified Information Systems Auditor • PCIP or PCI ISA — PCI Internal Security Assessor • ISO 27001 Lead Auditor • CISM — Certified Information Security Manager **Preferred Experience** • Prior experience in an Egyptian bank or financial institution operating under CBE oversight. • Familiarity with GRC tooling (RSA Archer, ServiceNow GRC, or equivalent). • Experience working with external auditors, QSAs, and regulators. ## Benefits - **Attractive, market-leading salary package** - **Clear career advancement path with professional development opportunities** ## Apply [Apply at Xenon7](https://apply.workable.com/xenon7/j/279EDEF9B4/apply) --- Powered by [Workable](https://www.workable.com)