135 Information Security jobs in Pakistan

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Mashreq

We are seeking a skilled Assistant Manager – Security Assurance with 4 to 5 years’ experience. The ideal candidate will lead and perform vulnerability assessments, penetration testing, application and API security assessments, and baseline reviews to ensure the robustness of our infrastructure and applications. Strong expertise in VA/PT, API security, and application security testing (SAST/DAST) is essential. Experience with Qualys and familiarity with Azure Cloud or DevOps pipelines will be considered an added advantage. The role will focus on identifying, validating, and tracking security risks while supporting security compliance initiatives and remediation efforts.

Key result Areas

Key result Areas

• Conduct infrastructure, network, and application-level vulnerability assessments using tools like Qualys, Burp Suite, etc.
• Execute penetration testing across web applications, APIs, and infrastructure environments.
• Perform and lead static (SAST) and dynamic (DAST) application security assessments.
• Evaluate API endpoints for misconfigurations, security flaws, and vulnerabilities.
• Perform baseline configuration reviews against standards such as CIS and STIG.
• Prepare detailed technical reports on findings and communicate risks to stakeholders.
• Provide technical guidance and support for remediation of identified vulnerabilities.
• Collaborate with DevOps teams to embed security practices in CI/CD pipelines.
• Maintain documentation for audit and regulatory compliance.
• Lead internal knowledge-sharing sessions and participate in evaluating new tools.

Knowledge, Skills and Experience

Knowledge, Skills and Experience

• Bachelor’s degree in computer science, Information Security, IT, or related field.
• 4 to 5 years of experience in vulnerability management, penetration testing, and application/API security assessments.
• Relevant certificates (e.g., OSCP, CEH, eWPT) are highly desirable.
• Proficient with security tools like Qualys, Burp Suite, OWASP ZAP, Fortify.
• Strong understanding of OWASP Top 10, secure coding principles, and API security best practices.
• Basic understanding of wireless security testing is a plus.
• Excellent analytical, problem-solving, and technical communication skills.

• Seniority level Associate

• Employment type Full-time

• Job function Analyst
• Industries Banking

Referrals increase your chances of interviewing at Mashreq by 2x

Karachi South District, Sindh, Pakistan 2 days ago

Karachi Division, Sindh, Pakistan 5 days ago

Karachi Division, Sindh, Pakistan 3 days ago

Karachi Division, Sindh, Pakistan 3 days ago

Karachi Division, Sindh, Pakistan 5 days ago

Karachi Division, Sindh, Pakistan 1 day ago

Karachi Division, Sindh, Pakistan 4 days ago

Karachi Division, Sindh, Pakistan 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

• Job Role : Candidate should have good knowledge about SMS Firewalls, Messaging flow. Knowledge of protocols such as SS7, SMPP, SMSC.
• Required Experience : Fresh – 2 years of experience in relevant domain. Females are encouraged to apply for this role.
• Job Location : Islamabad, Blue Area.
• Apply at: (Mention SMS Firewall Engineer in email subject).
• Company website: gms.net

As a Senior Cyber Recovery Consultant, you will provide end-to-end custom consulting, design and implementation support for customers, specifically related to Dell Technologies products. This may include pre-sales kick-offs, consulting, initial design workshops, implementation, customization, integration and outline orientation for the customer. You will work closely with internal and customer resources to ensure a smooth transition from the initial consultation through to integration/production mode. You will be considered a subject matter expert around Cyber Recovery solutions and knowledgeable of industry best practices in the design and implementation of complex Cyber Recovery and Data Protection solutions.

Join to apply for the Security and Compliance Analyst role at Nakisa

Join to apply for the Security and Compliance Analyst role at Nakisa

About Nakisa

Nakisa stands as a global leader in enterprise business solutions, specializing in Human Resources, Financial Management, and Real Estate. We are dedicated to delivering innovative, forward-thinking, and robust software solutions that propel business strategies forward. Trusted by numerous Fortune 1000 companies, our top-of-the-line solutions have consistently excelled in the market, underscoring our commitment to providing our clients with unparalleled experience.

About Nakisa

Nakisa stands as a global leader in enterprise business solutions, specializing in Human Resources, Financial Management, and Real Estate. We are dedicated to delivering innovative, forward-thinking, and robust software solutions that propel business strategies forward. Trusted by numerous Fortune 1000 companies, our top-of-the-line solutions have consistently excelled in the market, underscoring our commitment to providing our clients with unparalleled experience.

Our team represents a rich tapestry of cultural and religious backgrounds, making diversity our greatest asset. Unified by our values of Fairness, Integrity, Service, and Humility, we foster an environment where unity and teamwork are our core strengths. At Nakisa, we continuously strive to ensure that these values guide our actions at every level.

As a company, we are in a phase of dynamic growth and prosperity, offering ample opportunities for those who join us on this journey to develop and thrive alongside us. If you are seeking a workplace where your contributions are valued and where you can actively participate in our pursuit of excellence, Nakisa welcomes you with open arms.

We’re recognized as one of the best Canadian employers, having been named one of Montreal’s top employers, as well asone of Canada’s best employers for recent graduates.

Our people and our culture are the key to our success. If you're looking for a workplace that embraces a hybrid work model, values your contributions, and encourages active participation in our pursuit of excellence, Nakisa warmly invites you to join us.

Description:

Nakisa is seeking a detail-oriented, proactive, and technically curious Security and Compliance Analyst to support our growing global security and compliance initiatives. This role is central to maintaining and enhancing Nakisa’s compliance posture with recognized standards such as SOC 1, SOC 2, ISO/IEC 27001 , and data privacy regulations.

You’ll work closely with internal teams and external auditors to manage evidence collection, track audit deliverables, and maintain robust documentation. You’ll also assist with RFPs/RFIs from prospective clients and contribute to internal security improvement projects. A strong interest and understanding of Artificial Intelligence (AI) , particularly its implications on compliance and security, is essential.

This is an excellent opportunity for someone looking to launch or grow a career in information security and compliance in a fast-paced SaaS environment that is deeply invested in cloud technology, AI , and process excellence .

Key Responsibilities:

• Coordinate and manage tasks related to Nakisa’s security and compliance programs, including SOC 1, SOC 2, and ISO 27001 audits.
• Collaborate with internal stakeholders and external auditors to collect, organize, and validate audit evidence and documentation.
• Drive and support continuous improvement of internal processes, controls, and compliance documentation.
• Assist in completing security and compliance sections of RFPs, RFIs, and due diligence questionnaires from prospects and clients.
• Contribute to internal information security projects and process improvements.
• Ensure documentation and policies are accurate, up-to-date, and aligned with industry standards.
• Monitor and follow up on compliance deadlines, audit deliverables, and remediation actions.
• Stay informed on evolving security frameworks, regulatory requirements, and AI-related security practices.
• Educate employees on security awareness topics and best practices through training, content creation, or internal communications.
  
  

• Bachelor’s degree in information security, Cybersecurity, Information Systems, Computer Science, or a related field—or equivalent hands-on experience.
• Solid knowledge of industry standards and frameworks, such as:
• SOC 1 / SOC 2 (Type I & II), ISO/IEC 27001 & 27017, CIS Controls, Data protection regulations (GDPR, PIPEDA, CCPA, etc.)
• Strong reporting and documentation skills:
• Proficiency in generating audit reports, compliance documentation, and RFP/RFI responses
• Skilled in Excel, Word, PowerPoint, and PDF tools for structured reporting and evidence tracking
• Experience with compliance audits, security questionnaires, or risk assessments
• Basic technical knowledge of cloud environments (AWS, Azure, GCP), access controls, encryption, and security operations
• Exceptional attention to detail, with the ability to identify gaps, maintain precision, and meet deadlines
• Strong verbal and written communication skills, comfortable working cross-functionally with internal teams, auditors, and clients
• Demonstrated interest and foundational knowledge in Artificial Intelligence, especially its impact on cybersecurity and compliance
  
  

• 3+ years of relevant work experience in security compliance, audit, or GRC functions
• Exposure to internal controls testing, risk registers, or information security policies
• Certifications (or active pursuit) such as:
• Certified in Cybersecurity (ISC² CC), ISO 27001 Lead Implementer or Foundations, CISA etc.
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Industries Translation and Localization

Referrals increase your chances of interviewing at Nakisa by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

• Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases
• Identify and exploit security vulnerabilities to assess the risk to the business
• Produce high-quality technical reports and executive summaries
• Collaborate with internal stakeholders to validate findings and recommend mitigation strategies
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques
• Support security awareness initiatives and contribute to internal security improvements
• Provide mentorship to junior testers or team members where applicable
  
  

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience)
• Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP)
• Proven experience in conducting penetration tests across various platforms
• Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike)
• Proficient in scripting or coding languages such as Python, PowerShell, or Bash
• Experience with both manual and automated testing techniques
• Familiarity with reporting tools and formats used in regulated industries
• Excellent communication and documentation skills
  
  

• Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases
• Identify and exploit security vulnerabilities to assess the risk to the business
• Produce high-quality technical reports and executive summaries
• Collaborate with internal stakeholders to validate findings and recommend mitigation strategies
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques
• Support security awareness initiatives and contribute to internal security improvements
• Provide mentorship to junior testers or team members where applicable
  
  

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience)
• Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP)
• Proven experience in conducting penetration tests across various platforms
• Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike)
• Proficient in scripting or coding languages such as Python, PowerShell, or Bash
• Experience with both manual and automated testing techniques
• Familiarity with reporting tools and formats used in regulated industries
• Excellent communication and documentation skills
  
  

Mobilink Microfinance Bank Limited seeks a visionary and technically proficient Data Protection Officer (DPO) to lead the bank’s enterprise-wide data protection and privacy program. Reporting directly to the Head of Information Security, the DPO will be responsible for establishing the governance, architecture, and operational execution of the Bank’s privacy and data protection obligations. This leadership role will oversee the implementation of a formal Data Protection and Governance Program, manage the lifecycle of sensitive and regulated data, deploy advanced Data Loss Prevention (DLP) systems, and ensure full compliance with relevant State Bank of Pakistan (SBP) regulations, Pakistan’s Personal Data Protection Act (when enacted), and applicable international standards, including ISO/IEC 27001 and PCI DSS. The DPO will serve as the Bank’s authority on privacy, act as a secondary liaison to regulators and law enforcement via the Compliance function, and serve as the internal champion for all privacy-by-design and data accountability initiatives.

What Head Data Protection - MMBL Does?

Strategic Privacy Program Design & Leadership:

• Develop, own, and drive the enterprise privacy and data protection strategy in alignment with SBP’s regulatory expectations and international best practices.
• Establish and operationalize a centralized Data Protection Office, defining its charter, structure, roles, and reporting lines.
• Define a bank-wide data protection operating model, integrating privacy requirements into enterprise risk management and governance frameworks.
• Champion data ethics, responsible data handling, and privacy-by-default principles across the organization.

Regulatory Compliance & Privacy Risk Management:

• Ensure continuous compliance with SBP’s Framework on IT Governance and Risk Management, o SBP’s Cybersecurity Framework, o Pakistan’s Personal Data Protection Bill, o ISO/IEC 27001, PCI DSS, and GDPR (where applicable).
• Act as the bank’s focal point or designated secondary liaison with SBP and other relevant regulatory bodies through the Compliance and Legal departments.
• Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new systems, products, and processes.
• Monitor changes in local and global data privacy regulations and proactively adjust compliance strategies.

Data Governance & Inventorization:

• Lead implementation of data classification, tagging, and ownership models across data types and systems.
• Oversee and maintain accurate and up-to-date Records of Processing Activities (RoPAs) in line with SBP and global privacy standards.
• Ensure policies for data minimization, retention, disposal, and lifecycle management are in place and enforced.

Technology & Data Loss Prevention (DLP) Oversight:

• Collaborate with IT, SOC, and Information Security teams to ensure privacy-by-design and privacy-by-default in systems architecture.
• Oversee the deployment, configuration, and monitoring of DLP solutions across all critical data touchpoints—endpoints, email, file storage, and networks.
• Ensure technical controls are aligned with SBP’s cybersecurity baseline controls.

Vendor, Third-Party & Contractual Privacy Assurance:

• Evaluate third-party vendors, partners, and outsourcing arrangements for privacy and data protection risks.
• Ensure Data Processing Agreements (DPAs), SLAs, and contractual clauses reflect regulatory and internal privacy requirements.
• Conduct vendor risk assessments and ensure privacy obligations are embedded in procurement and onboarding processes.

Privacy Incident Management & Breach Handling:

• Develop, maintain, and test the Privacy Incident Response Plan in alignment with SBP’s incident handling guidelines.
• Maintain a personal data breach register and ensure timely notification to SBP and affected stakeholders in case of qualifying breaches.
• Work with SOC, IT, and Legal to coordinate breach response and containment.
• Develop and roll out privacy awareness programs, including mandatory and role-specific training modules for staff.
• Promote a culture of privacy through KPIs, employee engagement campaigns, and executive support.
• Regularly assess training effectiveness and incorporate feedback from business units.

Reporting & Stakeholder Communication:

• Provide periodic updates to senior management and the Board of Directors on the maturity and effectiveness of the data protection program.
• Contribute to internal audits and regulatory examinations, ensuring evidence of compliance is maintained and auditable.
• Generate dashboards and metrics on privacy risks, incident trends, and regulatory compliance status.

What are we looking for and what does it require to be Head Data Protection - MMBL?

Educational Background:

• Bachelor’s or Master’s degree in Information Security, Law, Cybersecurity, Risk Management, or related field.

Experience:

• Experience in privacy and security governance.
• Previous experience in regulatory compliance, risk management, or data protection roles.

Technical Proficiency:

• Certifications (preferred):
• CDPO (Certified Data Protection Officer)
• CIPM (Certified Information Privacy Manager)
• CIPP/E (Certified Information Privacy Professional/Europe)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• PCI DSS (Payment Card Industry Data Security Standard) knowledge

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management skills.
• Ability to work independently and in teams.

About MMBL:

Mobilink Microfinance Bank Ltd. is providing banking services to over 48 million registered users including 20+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 114 branches and 270,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan instalments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.

Why Join MMBL?

This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavour.

• Seniority level Not Applicable

• Employment type Full-time

• Job function Other
• Industries Banking

Referrals increase your chances of interviewing at Mobilink Bank by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

The primary responsibility of this role is to ensure the security of our Android applications through rigorous testing, risk assessment, and the implementation of robust security measures. The ideal candidate will have a strong background in Vulnerability Assessment and Penetration Testing (VAPT), along with extensive experience in API testing, code review, security automation, threat modelling, and Governance, Risk, and Compliance (GRC) practices. Additionally, the candidate should possess in-depth knowledge of best security practices for app development, AWS security, and endpoint security.

What will be your responsibilities?

1. Conduct thorough Vulnerability Assessment and Penetration Testing (VAPT) on Android applications to identify and exploit security vulnerabilities.
2. Perform risk assessments to evaluate the potential impact of identified vulnerabilities and provide recommendations for mitigation.
3. Conduct API testing to ensure the security of interfaces used by mobile applications.
4. Conduct code reviews to identify security flaws and weaknesses in Android application code.
5. Develop and implement security policies, procedures, and processes tailored to mobile application security requirements.
6. Automate security assessment tasks to improve efficiency and effectiveness.
7. Perform threat modelling to identify potential security threats and vulnerabilities in Android applications and develop mitigation strategies.
8. Collaborate with stakeholders to ensure compliance with Governance, Risk, and Compliance (GRC) requirements and standards.
9. Stay up to date with the latest security threats, vulnerabilities, and best practices related to mobile application security, AWS security, endpoint security, threat modelling, and GRC.
10. Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and provide guidance on secure coding practices.
11. Supervise and guide the daily operations of the cybersecurity team.

What are we looking for and what does it require to be the right fit for this role?

• Bachelor's degree in Computer Science, Information Security, or a related field
• Minimum of 5 years of experience in cybersecurity, with a focus on mobile application security.
• Demonstrated experience in conducting VAPT on Android applications.
• Proficiency in API testing and code review techniques.
• Experience in developing security policies, processes, and procedures.
• Strong scripting skills with experience in Python, Shell scripting, or similar languages for security automation.
• In-depth knowledge of security best practices for app development, including secure coding practices, encryption techniques, and authentication mechanisms.
• Familiarity with AWS security best practices.
• Knowledge of endpoint security solutions and best practices.
• Experience with threat modelling methodologies and tools.
• Familiarity with Governance, Risk, and Compliance (GRC) practices and standards.
• CEH, OSCP, CISM or eCPPT certifications are preferred.

Why Join AIO?

Our mission is to revolutionise the US restaurant industry by providing a comprehensive and fully integrated solution that empowers restaurant owners to efficiently manage all aspects of their businesses. Our platform, designed to meet the unique challenges (post-COVID-19) faced by restaurants, combines our patented AI technology with unparalleled customer support to help owners increase revenue, reduce costs, and improve their overall profit margins.

We believe that restaurants should be able to focus on delivering exceptional dining experiences to their customers, without the added stress of managing complex and disparate systems. That's why we offer an all-in-one super app platform for all of their needs, from front-of-the-house operations like ordering, payment, marketing and rewards, to back-of-the-house management like inventory, staff, and financials.

We are laser-focused on becoming a significant player in the $55 billion worth restaurant tech SaaS market. You will be a part of a world-class Silicon Valley-funded startup.

Information Security Analyst

Our fast-growing technology company in Khanpur is seeking a highly motivated and skilled Information Security Analyst to join our team. As an Information Security Analyst, you will be responsible for protecting our company's sensitive data and ensuring the security of our systems and networks. Your primary duties will include conducting risk assessments, monitoring system activity, implementing security measures, and responding to security incidents.

The ideal candidate will have a Bachelor's degree in Computer Science or a related field, along with at least 2 years of experience in information security. Knowledge of network and system security protocols, as well as experience with security tools such as firewalls and intrusion detection systems, is required. You should also have excellent problem-solving skills and the ability to analyze complex information.

In this role, you will work closely with our IT team to identify potential vulnerabilities and develop strategies to mitigate them. You will also be responsible for staying updated on the latest security trends and best practices to ensure that our systems are always protected.

If you are passionate about information security and have a strong desire to continuously learn and improve your skills, we would love to hear from you. This is a full-time position with a competitive salary of 1600$ per month, along with accommodation provided. Candidates with their own visa are preferred, but we are open to sponsoring the right candidate. This is an excellent opportunity for freshers looking to kickstart their career in information security. Apply now and become part of our dynamic team!

This job has no reviews yet. You can be the first!

Information Security Analyst Jobs in Khanpur:

The most in-demand professions in Khanpur:

Jobs available in princess cruise company

Users also frequently search in these cities:

More professions from the category IT sphere:

Subscribe to our telegram channel @layboard_in