Analyst, Information Security
Entity: Aga Khan University
Location: Karachi
Introduction to the Aga Khan University:
Chartered in 1983, Aga Khan University (AKU) is a private, autonomous and self-governing international university with 13 teaching sites in 6 countries distributed across three continents. As an integral part of the Aga Khan Development Network, AKU provides higher education in several disciplines, carries out research pertinent to the countries in which it exists and has campuses, programmes and/or teaching hospitals in Afghanistan, Kenya, Pakistan, Tanzania, Uganda and the UK. As an international institution, AKU operates on the core principles of quality, relevance, impact and access; and AKU is a model of academic excellence and an agent of social change.
As an equal opportunity employer, AKU believes in promoting a diverse and inclusive culture and is committed to adopt appropriate standards for safeguarding and promoting a respectful relationship with and between diverse workforce of its faculty, staff, trainees, volunteers, beneficiaries, wider communities, and other stakeholders with whom it works, including children and vulnerable adults and expects all employees/trainees and partners to share this commitment.
Job Role / Responsibilities:
As Analyst, Information Security you will be assisting in managing the Global Information Security and to protect AKU’s enterprise infrastructure, digital information, and business continuity globally through strong and effective security practices. At Aga Khan University, as an Analyst, Information Security you will be responsible for
- assisting in preparation, assessment and enforcement of information security policies, standards, guidelines and procedures and Perform IS policy and procedures gap assessments against information security, regulatory requirements and governance standards, for example ISO27001.2013, COBIT, PCI-DSS etc.
- ensuring that information security policy and relevant procedures are updated, reviewed and approved by the management at the defined frequency and are in compliance with applicable privacy and identity theft laws and other regulations.
- performing technology and information security risk assessments.
- liaising with IT and internal/external audit teams during information systems audit and working as a central point of contact from IT to ensure appropriate flow of information to audit team with any delay.
- working with IT team for successful closure of the audit observations for all sites (Pakistan, East Africa, UK and Afghanistan).
- actively participating in the Security Incident Response Team (SIRT).
- performing internal assessments and identify gaps in current documentation and operationsand working to fix these gaps.
- working with other teams in technology, internal audit and vendors to ensure that AKU-wide information security requirements are incorporated into the rollout of new systems.
- performing and maintaining information/ data classification policy and procedure and educating IT and business users and ensure all critical information assets are classified properly.
- performing vulnerability assessments on operating systems, databases, and applications.
- reviewing of audit logs for critical applications, databases, OS and networks.
- conducting information security awareness trainings for AKU staff globally.
- working with business functional leads and technology team leads to ensure that user access rights review and privileged access rights review will complete on time.
Eligibility Criteria / Requirements:
Incumbent must have
- a bachelor’s degree in computer science, Computer Engineering, Information Security, or related field.
- relevant certifications such as CISA, CISM, CEH, CISSP, or equivalent Experience.
- minimum of 5 years of hands-on experience in Information Security covering risk assessments, policy development, security awareness, IT audits, and implementation of ISO 27001 and PCI-DSS.
- proven expertise in performing security assessments for infrastructure, systems, and networks, with a focus on identifying vulnerabilities or gaps.
- experience in incident response planning, investigation, and handling breaches, including navigating legal and disciplinary actions.
- strong knowledge of Information Security frameworks and standards, including ISO 27001, PCI-DSS, NIST, GDPR, and CIS.
- ability to conduct information security risk assessments and critical practice assessments, providing actionable insights and recommending improvements.
- ability to manage and drive remediation efforts following security incidents, penetration tests, vulnerability scans, and audit results.
- deep understanding of business activities, with the ability to tailor security solutions that address specific needs within the organization.
Comprehensive employment reference checks will be conducted
