We are seeking an experienced GRC Lead to drive governance, risk, and compliance activitiesin Nawy. This role ensures that security risks are identified, assessed, and managed whilemaintaining compliance with relevant regulatory and industry standards.The GRC lead leads the risk governance initiatives, oversees audits, develops policies,manages security awareness, and partners closely with engineering, product, and legal teamsto ensure secure-by-design operations across the entire organization.ResponsibilitiesMaintain an enterprise-wide information security governance & ISMS framework thataligns with business objectives, regulatory requirements, and industry best practices.Develop, maintain, and enforce security policies, standards, and proceduresLead strategic planning initiatives for security risk management, ensuring alignmentwith ISO 27001 requirements.Design, implement, and manage a security risk management framework that includesrisk assessments, control evaluations, and mitigation strategies.Oversee and continuously improve the processes for vendor security risk assessments,ensuring third-party risks are effectively managed.Develop and monitor key risk indicators (KRIs) and performance metrics to evaluate theeffectiveness of security controls and risk mitigation efforts.Oversee the development, implementation, and ongoing management of theorganization's security policies.Prepare and lead the organization's readiness for external and internal security audits,including ISO 27001 certification audits.Build and run security awareness and phishing simulation programs and promote anorganization-wide culture of security accountability.Ensure ongoing compliance with local regulatory frameworks, including those issued byCBE, FRA, and related bodies.RequirementsAt least 4 years of experience in GRC, information security risk management or securitycompliance roles.Certifications: Relevant certifications such as CISSP, CISM, CRISC, or CISA arepreferred.Demonstrated experience with ISO 27001 implementation, security audits, and vendorsecurity risk assessments.Solid understanding of cloud architectures and security controls across AWS andGoogle Cloud Platform (GCP).Familiarity with regulatory requirements in Egypt and international data protectionlaws.University/college degree in a relevant professional fieldExcellent communication skills in English, both written and spoken
Nawy is a proptech platform simplifying real estate buying in Egypt through data, technology, and end-to-end advisory services.
What you should know
100+ Real Estate Developers: Nawy works with 100+ developers across Egypt's real estate market.
Not just a platform!: Nawy offers multiple products like Nawy Now, Nawy Shares, and Nawy Unlocked, evolving beyond listings into a full-stack real estate solutions provider.
100% Real Transparency: Nawy was built to solve the lack of transparency in real estate buying.
How they work
Customer-first mindset — Simplifying complex decisions for buyers is at the core of everything.
Ownership — Teams are expected to take responsibility and drive outcomes.
Recent update
Nawy Shares is the first digital real estate platform in Egypt to formally begin the process of transitioning to a regulated investment model.. Following an announcement by the Financial Regulatory Authority FRA, we are proud to confirm that Nawy Shares is the first digital real estate platform in Egypt to formally begin the process of transitioning to a regulat…