الوصف الوظيفي
Eligibility:BS/MS in Information Security / Information Technology / Computer Sciences or relevant field from an HEC recognized institute/universityExperience:3+ years in cybersecurity, including 1-3 years with security frameworks and IT audit/GRC roles.Responsibilities: Manage the risk management process, including identifying, assessing, monitoring, and reporting cyber risks while updating risk registers as needed. Conduct cyber risk assessments in line with information security standards such as NIST and ISO. Coordinate with business partners to mitigate cyber security risks and escalate issues to SMEs, managers, and business unit leads when weaknesses are identified. Monitor progress and enforce resolution of outstanding cyber security risks to prevent non-compliance or security threats. Develop and maintain cyber risk management and reporting frameworks. Develop and deliver comprehensive risk reports providing insights into the current state of cyber risks. Analyze findings, document gaps, recommend solutions, and report program deficiencies to Cyber Risk Managers. Compile monthly qualitative and quantitative metrics to demonstrate the organization’s cyber security posture. Attend and fully participate in cyber risk management meetings. Perform other duties as assigned.Skills Required: Strong business acumen and cybersecurity skills. Excellent written and verbal communication. Experience with security frameworks and regulatory compliance. Working knowledge of technologies such as cloud computing, DevOps, and application security. Experience with GRC tools like Archer, Rsam, or ServiceNow. Preferred certifications: CISSP, CRISC, CGEIT, or GRCP (or in progress).Department:Information SecurityLocation:Head Office – KarachiLast Date:1st January, 2025