Job Description
Entity: Aga Khan University
Location: Karachi
Introduction to the Aga Khan University:
Chartered in 1983, Aga Khan University (AKU) is a private, autonomous and self-governing international university with 13 teaching sites in 6 countries distributed across three continents. As an integral part of the Aga Khan Development Network, AKU provides higher education in several disciplines, carries out research pertinent to the countries in which it exists and has campuses, programmes and/or teaching hospitals in Afghanistan, Kenya, Pakistan, Tanzania, Uganda and the UK. As an international institution, AKU operates on the core principles of quality, relevance, impact and access; and AKU is a model of academic excellence and an agent of social change.
As an equal opportunity employer, AKU believes in promoting a diverse and inclusive culture and is committed to adopting appropriate standards for safeguarding and promoting a respectful relationship with and between its diverse workforce of faculty, staff, trainees, volunteers, beneficiaries, wider communities, and other stakeholders with whom it works, including children and vulnerable adults, and expects all employees/trainees and partners to share this commitment.
Job Role / Responsibilities:
Reporting to the Senior Manager, AKU Information Security, you will be responsible for:
- preparing, assessing and enforcing information security policies, standards, guidelines and procedures to ensure ongoing maintenance of security for all campuses
- ensuring all IT and Information Security programs and policies are in compliance with applicable privacy and identity theft laws and other regulations such as ISO 27001, GDPR etc.
- assisting in the implementation of ISO-27001 security controls, and information security management system (ISMS) at AKU
- monitoring security trends and driving security best practices throughout the organization
- monitoring for security breaches and investigating a violation when one occurs; preparing reports that document security breaches and the extent of the damage caused by the breaches
- evaluating and recommending counter measures against threats to information or privacy globally
- identifying/recommending tools, processes, software, and hardware to improve or replace current security infrastructure practices, services, or technologies used globally to meet future requirements
- coordinating with internal and external auditors, third party firms and consultants for audits, security risk assessments, vulnerability scans and penetration tests
- managing and driving remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits for all campuses and critical practice assessments
- understanding the business activities performed by AKU and, based on this understanding, suggesting appropriate information security solutions that adequately protect these activities AKU-wide
- organizing, planning and conducting AKU-wide security awareness programs and campaigns that are aligned with global security policy, standards, regulatory requirements, and industry practices
- identifying information security weaknesses and/or gaps in the current operations and working with other teams to bring information security operations up to standards AKU wide
- working with other departments such as internal audit, legal and vendors to supervise the incorporation of AKU-wide information security requirements into the rollout of new systems
- providing support and guidance to internal users when they need to learn about new security products and procedures
- working with the Technology team to manage threat protection strategies to include all layers of Information Security strategies such as firewalls, patching, anti-virus, log monitoring, data backup, disaster recovery, etc.
Qualifications - External
Eligibility Criteria / Requirements:
You should have:
- a Master’s degree in Computer Science, Information Technology, Information Security or related field
- 4-6 years of hands-on experience in IT and Information Security Management
- possession of standard certifications including CISSP, CISM, CISA, strongly preferred
- strong knowledge of Information Security and technology standards including but not limited to ISO 27001, NIST, COBIT, ITIL, HIPAA, etc.
- experience or good understanding of implementing and maintaining ISO 27001 information security management system (ISMS)
- the ability to perform information security risk assessments and IT security assessments, and to identify information security weaknesses and/or gaps in the current operations, is a must
- the capability to evaluate and recommend new global information security technologies and counter measures against threats to information or privacy globally
- the ability to administer incident response planning and investigation process of security breaches globally, and facilitate the management with disciplinary and legal matters associated with such breaches as necessary
- knowledge of Business Continuity Planning, IT Disaster Recovery, auditing, and risk management, as well as contract and vendor negotiation
- the ability to manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits for all campuses and critical practice assessments
- experience of understanding the business activities performed by AKU and, based on this understanding, suggesting appropriate information security solutions that adequately protect these activities AKU-wide
- the ability to work with other departments and vendors to supervise the incorporation of AKU-wide information security requirements into the rollout of new systems
- experience of working with a diverse group of individuals in a collaborative team environment
- a highly analytical mindset, with the ability to troubleshoot effectively and prioritize needs, requirements and other issues
- aside from technical skills, excellent communication, teamwork, leadership and conflict management skills.
Comprehensive employment reference checks will be conducted.