
Job Description

Analyst, Information Security


Entity: Aga Khan University


Location: Karachi


Introduction to the Aga Khan University:


Chartered in 1983, Aga Khan University (AKU) is a private, autonomous and self-governing international university with 13 teaching sites in 6 countries distributed across three continents. As an integral part of the Aga Khan Development Network, AKU provides higher education in several disciplines, carries out research pertinent to the countries in which it exists and has campuses, programmes and/or teaching hospitals in Afghanistan, Kenya, Pakistan, Tanzania, Uganda and the UK. As an international institution, AKU operates on the core principles of quality, relevance, impact and access; and AKU is a model of academic excellence and an agent of social change.


As an equal opportunity employer, AKU believes in promoting a diverse and inclusive culture and is committed to adopting appropriate standards for safeguarding and promoting respectful relationships with and among its diverse workforce of faculty, staff, trainees, volunteers, beneficiaries, wider communities, and other stakeholders with whom it works, including children and vulnerable adults, and expects all employees/trainees and partners to share this commitment.


Job Role / Responsibilities:


As Analyst, Information Security, you will assist in managing Global Information Security and in protecting AKU’s enterprise infrastructure, digital information, and business continuity globally through strong and effective security practices. At Aga Khan University, as an Analyst, Information Security, you will be responsible for:


  • assisting in the preparation, assessment and enforcement of information security policies, standards, guidelines and procedures, and performing IS policy and procedure gap assessments against information security, regulatory requirements and governance standards, for example ISO27001:2022.
  • ensuring that information security policy and relevant procedures are updated, reviewed and approved by the management at the defined frequency and are in compliance with applicable privacy and identity theft laws and other regulations.
  • performing technology and information security risk assessments.
  • liaising with IT and internal/external audit teams during information systems audits and working as a central point of contact from IT to ensure appropriate flow of information to the audit team without any delay.
  • working with IT team for successful closure of the audit observations for all sites (Pakistan, East Africa, UK and Afghanistan).
  • actively participating in the Security Incident Response Team (SIRT).
  • performing internal assessments, identifying gaps in current documentation and operations, and working to fix these gaps.
  • working with other teams in technology, internal audit and vendors to ensure that AKU-wide information security requirements are incorporated into the rollout of new systems.
  • performing and maintaining the information/data classification policy and procedure, educating IT and business users, and ensuring all critical information assets are classified properly.
  • working with business functional leads and technology team leads to ensure that user access rights reviews and privileged access rights reviews are completed on time.

Eligibility Criteria / Requirements:


Incumbent must have


  • a bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related field.
  • relevant certifications such as CISA, CISM, CISSP, ISO 27001 Lead Implementer, or equivalent experience.
  • minimum of 2 years of hands-on experience in Information Security covering risk assessments, policy development, security awareness, IT audits, and implementation of ISO 27001.
  • proven expertise in performing security assessments for infrastructure, systems, and networks, with a focus on identifying vulnerabilities or gaps.
  • strong knowledge of Information Security frameworks and standards, including ISO 27001, NIST, and GDPR.
  • ability to conduct information security risk assessments and critical practice assessments, providing actionable insights and recommending improvements.
  • deep understanding of business activities, with the ability to tailor security solutions that address specific needs within the organization.

Comprehensive employment reference checks will be conducted.

