68 Security Governance jobs in Pakistan

Job Title: Information Security Governance & BCP Manager

Job Type: Permanent

Minimum Education: Graduation (Information Security and/or BCP related certifications

• 4+ years of relevant experience
• Excellent Knowledge of Information Security controls & concepts, BCP standards and industry best practices
• Good communication and interpersonal skills and able to perform under pressure
• Knowledge and experience of Islamic Banking

Key Responsibilities:

• Manage the Enterprise Information Security Program through Policy, standards and training processes including creating, maintaining, and managing the Information Security framework, policies, processes, standards, guidelines and Security Awareness training program.
• Identify and analyze new and emerging requirements for Policy impacts, develop and update policies, procedures, standards and guidelines accordingly.
• Review the Information Security practices to verify their compliance with the Information Security policies, standards, procedures and processes.
• Develop, Maintain and Review the Business Continuity Management Plan for Samba Bank Limited in coordination with Business Risk Coordinators (BRCs) across all functions/departments of SBL and in-line with the regulatory requirements and guidelines.
• Liaison with BRCs to conduct annual BCP testing of all critical functions.
• Coordinate and support BRCs in the development process of their respective departmental BCP document.
• Manage Bi-Annual BCP Call-Tree exercises, Annual BCP Exercise of SBL, and any other drill being conducted by regulatory authority.
• Conduct annual review of Master BCP Policy document along with the annual review of departmental BCP documents and ensures that the documents are approved with all the relevant stakeholders of Samba Bank Limited.
• Prepare annual BCP Test plan along with the BCP test results report and get both documents approved from the relevant stakeholders of SBL.
• Ensure the readiness of designated BCP sites and conduct monthly review of these sites and provide the update to CISO.
• Maintain an up to date MIS of call-tree information of all the critical identified resources of functions/departments of the Bank.
• Maintain and manage the list of BISO’s and BRC’s of all the functions/departments across the Bank.
• Maintain and manage the MIS that pertains to Information Security Awareness & BCP Awareness programs and emails.
• Provide guidance in resolving the BCP related issues, audit findings, follow-up and ensure the timely closure of any BCP related issues.
• Coordinate with internal, external and regulatory auditors related to SBL BCP.
• Review of User roles and rights management and user access management.
• Review of logs that pertains to Secrecy & Fidelity of Customer Account information.
• Develop, review and update the Information Security BCP document and ensure that all the critical documents, policies, procedures and approvals memo etc. are digitalized and available to cater the BCP requirements of Information Security Department.
• Maintain and track MIS of Corrective Action Plan (CAP) of all the internal, external and regulatory audit observations pertaining to Information Security department.

Applicants must clearly mention the title of the position in the e-mail subject line.

We are an equal opportunity employer. Female candidates and persons with disabilities are encouraged to apply.

Samba Bank reserves the right to accept or decline any application.

#J-18808-Ljbffr

Job Title:

Information Security Governance & BCP Manager Job Type:

Permanent Minimum Education:

Graduation (Information Security and/or BCP related certifications 4+ years of relevant experience Excellent Knowledge of Information Security controls & concepts, BCP standards and industry best practices Good communication and interpersonal skills and able to perform under pressure Knowledge and experience of Islamic Banking Key Responsibilities: Manage the Enterprise Information Security Program through Policy, standards and training processes including creating, maintaining, and managing the Information Security framework, policies, processes, standards, guidelines and Security Awareness training program. Identify and analyze new and emerging requirements for Policy impacts, develop and update policies, procedures, standards and guidelines accordingly. Review the Information Security practices to verify their compliance with the Information Security policies, standards, procedures and processes. Develop, Maintain and Review the Business Continuity Management Plan for Samba Bank Limited in coordination with Business Risk Coordinators (BRCs) across all functions/departments of SBL and in-line with the regulatory requirements and guidelines. Liaison with BRCs to conduct annual BCP testing of all critical functions. Coordinate and support BRCs in the development process of their respective departmental BCP document. Manage Bi-Annual BCP Call-Tree exercises, Annual BCP Exercise of SBL, and any other drill being conducted by regulatory authority. Conduct annual review of Master BCP Policy document along with the annual review of departmental BCP documents and ensures that the documents are approved with all the relevant stakeholders of Samba Bank Limited. Prepare annual BCP Test plan along with the BCP test results report and get both documents approved from the relevant stakeholders of SBL. Ensure the readiness of designated BCP sites and conduct monthly review of these sites and provide the update to CISO. Maintain an up to date MIS of call-tree information of all the critical identified resources of functions/departments of the Bank. Maintain and manage the list of BISO’s and BRC’s of all the functions/departments across the Bank. Maintain and manage the MIS that pertains to Information Security Awareness & BCP Awareness programs and emails. Provide guidance in resolving the BCP related issues, audit findings, follow-up and ensure the timely closure of any BCP related issues. Coordinate with internal, external and regulatory auditors related to SBL BCP. Review of User roles and rights management and user access management. Review of logs that pertains to Secrecy & Fidelity of Customer Account information. Develop, review and update the Information Security BCP document and ensure that all the critical documents, policies, procedures and approvals memo etc. are digitalized and available to cater the BCP requirements of Information Security Department. Maintain and track MIS of Corrective Action Plan (CAP) of all the internal, external and regulatory audit observations pertaining to Information Security department. Applicants must clearly mention the title of the position in the e-mail subject line. We are an equal opportunity employer. Female candidates and persons with disabilities are encouraged to apply. Samba Bank reserves the right to accept or decline any application.

#J-18808-Ljbffr

Company Overview:

When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there’s really only one: Zones – First Choice for IT.TM

Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook.

Position Overview:

As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards.

What you’ll do as the Information Security Analyst – Compliance & Risk Management:

Employees employed in the role of Information Security Analyst – Compliance & Risk Management shall be required to apply their independent mind and demonstrate intellectual abilities in their decision-making.

The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Analyze management and technical controls to ensure specific security and compliance requirements are met.
• Map regulatory/security requirements across the information security framework.
• Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls.
• Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.

What you will bring to the team:

• 5-7 years of information security experience.
• Experience with ISO 27001, SOC 2, and PCI-DSS compliance.
• Strong communication skills (verbal and written).
• Ability to meet deadlines and work under pressure.
• Experience of working in US-based multinational organizations is a plus.
• Security certifications such as CISSP/CISA, ISO27001.
• Extensive experience with auditing vendors/service providers/partners for compliance with security.
• Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance requirements
• Bachelor’s degree in Computer Science or Information Technology.

Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer a comprehensive benefits package that includes employee life insurance, health coverage for employees, spouse, and children, along with optional discounted coverage for parents. Additional benefits include, Voluntary Pension Fund Scheme, EOBI, complimentary meals, and access to an in-house gym.

We take pride in being an equal opportunity employer and are dedicated to maintaining a workplace free from discrimination of any kind. If you're passionate about driving innovation in IT, sales, engineering, or operations, Zones provide a dynamic and collaborative environment to grow your career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or on the basis of disability.

Job timings: 08:00 PM to 05:00 AM (Pk time)

#J-18808-Ljbffr

Information Security Analyst – Compliance & Risk Management

Join to apply for the Information Security Analyst – Compliance & Risk Management role at Zones IT Solutions

Information Security Analyst – Compliance & Risk Management

Join to apply for the Information Security Analyst – Compliance & Risk Management role at Zones IT Solutions

Get AI-powered advice on this job and more exclusive features.

Description

Company Overview:

When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there’s really only one: Zones – First Choice for IT.TM

Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook.

Position Overview

As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards.

What you’ll do as the Information Security Analyst – Compliance & Risk Management:

Employees employed in the role of Information Security Analyst – Compliance & Risk Management shall be required to apply their independent mind and demonstrate intellectual abilities in their decision-making.

The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Analyze management and technical controls to ensure specific security and compliance requirements are met.
• Map regulatory/security requirements across the information security framework.
• Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls.
• Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
  
  

What You Will Bring To The Team

• 5-7 years of information security experience.
• Experience with ISO 27001, SOC 2, and PCI-DSS compliance.
• Strong communication skills (verbal and written).
• Ability to meet deadlines and work under pressure.
• Experience of working in US-based multinational organizations is a plus.
• Security certifications such as CISSP/CISA, ISO27001.
• Extensive experience with auditing vendors/service providers/partners for compliance with security.
• Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance requirements
• Bachelor’s degree in Computer Science or Information Technology.
  
  

Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer a comprehensive benefits package that includes employee life insurance, health coverage for employees, spouse, and children, along with optional discounted coverage for parents. Additional benefits include, Voluntary Pension Fund Scheme, EOBI, complimentary meals, and access to an in-house gym.

We take pride in being an equal opportunity employer and are dedicated to maintaining a workplace free from discrimination of any kind. If you're passionate about driving innovation in IT, sales, engineering, or operations, Zones provide a dynamic and collaborative environment to grow your career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or on the basis of disability.

Job timings: 08:00 PM to 05:00 AM (Pk time)

Seniority level

• Seniority level Not Applicable

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Computer Hardware Manufacturing, Software Development, and IT Services and IT Consulting

Referrals increase your chances of interviewing at Zones IT Solutions by 2x

Sign in to set job alerts for “Information Security Analyst” roles.

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Information Security Analyst – Compliance & Risk Management

Join to apply for the

Information Security Analyst – Compliance & Risk Management

role at

Zones IT Solutions Information Security Analyst – Compliance & Risk Management

Join to apply for the

Information Security Analyst – Compliance & Risk Management

role at

Zones IT Solutions Get AI-powered advice on this job and more exclusive features. Description

Company Overview:

When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there’s really only one: Zones – First Choice for IT.TM

Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook.

Position Overview

As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards.

What you’ll do as the Information Security Analyst – Compliance & Risk Management:

Employees employed in the role of Information Security Analyst – Compliance & Risk Management shall be required to apply their independent mind and demonstrate intellectual abilities in their decision-making.

The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Analyze management and technical controls to ensure specific security and compliance requirements are met. Map regulatory/security requirements across the information security framework. Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls. Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance. Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle. Develop key performance metrics to track and ensure compliance with established policies and standards.

What You Will Bring To The Team

5-7 years of information security experience. Experience with ISO 27001, SOC 2, and PCI-DSS compliance. Strong communication skills (verbal and written). Ability to meet deadlines and work under pressure. Experience of working in US-based multinational organizations is a plus. Security certifications such as CISSP/CISA, ISO27001. Extensive experience with auditing vendors/service providers/partners for compliance with security. Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance requirements Bachelor’s degree in Computer Science or Information Technology.

Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer a comprehensive benefits package that includes employee life insurance, health coverage for employees, spouse, and children, along with optional discounted coverage for parents. Additional benefits include, Voluntary Pension Fund Scheme, EOBI, complimentary meals, and access to an in-house gym.

We take pride in being an equal opportunity employer and are dedicated to maintaining a workplace free from discrimination of any kind. If you're passionate about driving innovation in IT, sales, engineering, or operations, Zones provide a dynamic and collaborative environment to grow your career.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or on the basis of disability.

Job timings: 08:00 PM to 05:00 AM (Pk time) Seniority level

Seniority level Not Applicable Employment type

Employment type Full-time Job function

Job function Information Technology Industries Computer Hardware Manufacturing, Software Development, and IT Services and IT Consulting Referrals increase your chances of interviewing at Zones IT Solutions by 2x Sign in to set job alerts for “Information Security Analyst” roles.

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Company Overview: When it comes to IT solution providers, there are a lot of choices. But when it comes to providers with innovative and differentiating end-to-end service offerings, there’s

really only

one: Zones – First Choice for IT.TM Zones is a Global Solution Provider of end-to-end IT solutions with an unmatched supply chain. Positioned to be the IT partner you need, Zones, a Minority Business Enterprise (MBE) in business for over 35 years, specializes in Digital Workplace, Cloud & Data Center, Networking, Security, and Managed/Professional/Staffing services. Operating in more than 120 countries, leveraging a robust portfolio, and utilizing the highest certification levels from key partners, including Microsoft, Apple, Cisco, Lenovo, Adobe, and more, Zones has mastered the science of building digital infrastructures that change the way business does business ensuring whatever they need, they can Consider IT Done. Follow Zones, LLC on Twitter @Zones, and LinkedIn and Facebook. Position Overview: As the Information Security Analyst - Compliance & Risk Management, you will analyze management and technical controls to ensure compliance with security requirements. This includes mapping regulatory and security requirements across the information security framework and tracking enterprise compliance across multiple security frameworks. You will also assist internal teams in preparing for internal and external assessments and audits, collaborate on critical IT projects to address security policy and risk issues, and develop key performance metrics to track and ensure compliance with policies and standards. What you’ll do as the

Information Security Analyst – Compliance & Risk Management: Employees employed in the role of

Information Security Analyst – Compliance & Risk Management

shall be required to apply their independent mind and demonstrate intellectual abilities in their decision-making. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Analyze management and technical controls to ensure specific security and compliance requirements are met. Map regulatory/security requirements across the information security framework. Track enterprise compliance across multiple security frameworks including ISO27001, 27701, SOC2, GDPR, and PCI-DSS, maintaining up-to-date records of requirements and corresponding mitigating controls. Help internal teams with readiness for internal/external assessments/audits against industry standards and review programs/documentation for conformance. Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle. Develop key performance metrics to track and ensure compliance with established policies and standards. What you will bring to the team: 5-7 years of information security experience. Experience with ISO 27001, SOC 2, and PCI-DSS compliance. Strong communication skills (verbal and written). Ability to meet deadlines and work under pressure. Experience of working in US-based multinational organizations is a plus. Security certifications such as CISSP/CISA, ISO27001. Extensive experience with auditing vendors/service providers/partners for compliance with security. Experience of working extensively with the Engineering teams (system admin, network admin, security admin, application teams) to effectively communicate the compliance

requirements Bachelor’s degree in Computer Science or Information Technology. Zones offers a comprehensive Benefits package

At Zones, we are committed to fostering an inclusive and diverse workplace where every team member is valued and supported. We offer a comprehensive benefits package that includes employee life insurance, health coverage for employees, spouse, and children, along with optional discounted coverage for parents. Additional benefits include, Voluntary Pension Fund Scheme, EOBI, complimentary meals, and access to an in-house gym. We take pride in being an equal opportunity employer and are dedicated to maintaining a workplace free from discrimination of any kind. If you're passionate about driving innovation in IT, sales, engineering, or operations, Zones provide a dynamic and collaborative environment to grow your career. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or

on the basis of

disability. Job timings:

08:00 PM to

05:00 AM (Pk time)

#J-18808-Ljbffr

Information Security Analyst vacancy in Khanpur Pakistan

Information Security Analyst

Our fast-growing technology company in Khanpur is seeking a highly motivated and skilled Information Security Analyst to join our team. As an Information Security Analyst, you will be responsible for protecting our company's sensitive data and ensuring the security of our systems and networks. Your primary duties will include conducting risk assessments, monitoring system activity, implementing security measures, and responding to security incidents.

The ideal candidate will have a Bachelor's degree in Computer Science or a related field, along with at least 2 years of experience in information security. Knowledge of network and system security protocols, as well as experience with security tools such as firewalls and intrusion detection systems, is required. You should also have excellent problem-solving skills and the ability to analyze complex information.

In this role, you will work closely with our IT team to identify potential vulnerabilities and develop strategies to mitigate them. You will also be responsible for staying updated on the latest security trends and best practices to ensure that our systems are always protected.

If you are passionate about information security and have a strong desire to continuously learn and improve your skills, we would love to hear from you. This is a full-time position with a competitive salary of 1600$ per month, along with accommodation provided. Candidates with their own visa are preferred, but we are open to sponsoring the right candidate. This is an excellent opportunity for freshers looking to kickstart their career in information security. Apply now and become part of our dynamic team!

This job has no reviews yet. You can be the first!

Information Security Analyst Jobs in Khanpur:

The most in-demand professions in Khanpur:

Jobs available in princess cruise company

Users also frequently search in these cities:

More professions from the category IT sphere:

Subscribe to our telegram channel @layboard_in

#J-18808-Ljbffr

Universal Digital Health Care (UDHC) , Pakistan

• Cloud Security Architecture: Design, develop, and implement robust security architecture for cloud-based systems, ensuring compliance with industry standards and regulations. Had working for SIME deployments i.e. WAZUH or any similar tool.

• Security Implementation: Deploy and configure security tools, controls, and technologies in cloud environments, such as firewalls, intrusion detection/prevention systems, encryption mechanisms, and access controls.

• Risk Assessment and Management: Conduct regular risk assessments and vulnerability scans to identify and mitigate security risks and threats in cloud infrastructure and applications.

• Incident Response: Develop and maintain incident response plans and procedures to effectively respond to security incidents, including investigation, containment, and remediation.

• Security Monitoring and Logging: Implement monitoring and logging solutions to continuously track and analyze security events and activities within cloud environments and respond promptly to any suspicious behavior or anomalies.

• Identity and Access Management (IAM): Manage user access and permissions in cloud platforms, ensuring least privilege principles are enforced and access controls are properly configured.

• Security Compliance: Ensure compliance with relevant security standards, regulations, and frameworks (e.g., GDPR, HIPAA, ISO 27001) in cloud environments, and assist with audits and assessments as needed.

• Security Awareness and Training: Develop and deliver security awareness programs and training sessions to educate employees and stakeholders on cloud security best practices and policies.

• Collaboration and Communication: Collaborate with cross-functional teams, including IT operations, development, and business units, to integrate security into all aspects of the cloud lifecycle and communicate security requirements effectively.

• Continuous Improvement: Stay abreast of emerging threats, vulnerabilities, and security technologies in the cloud space, and recommend and implement improvements to enhance the overall security posture.

Job Specification

Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field; master’s degree preferred.

• Proven experience (2-3 years) working as a security engineer or architect, with a focus on cloud security.

• Strong understanding of cloud computing platforms (e.g., AWS, Azure, Google Cloud) and their security features and services.

• Hands-on experience with cloud security tools and technologies, such as cloud access security brokers (CASBs), cloud workload protection platforms (CWPPs), and cloud security posture management (CSPM) tools.

• Certifications such as Certified Cloud Security Professional (CCSP), or AWS Certified Security Specialty are highly desirable.

• Excellent analytical, problem-solving, and communication skills.

• Ability to work independently and collaboratively in a fast-paced environment.

• Strong commitment to maintaining the highest standards of security and compliance.

• Experience with scripting and automation (e.g., Python, PowerShell) for security tasks is a plus

Hospital & Health Care - Lahore, Pakistan

#J-18808-Ljbffr

About the Role:
We are seeking a motivated Information Security Specialist with a strong foundation in compliance frameworks and offensive security. The ideal candidate will have hands-on experience with ISO 27001, HIPAA, SOC 2, as well as practical skills in penetration testing and security risk assessments. This role requires both a compliance mindset and an attacker’s perspective to ensure a well-rounded approach to organizational security.

Key Responsibilities:
● Governance, Risk & Compliance
○ Maintain and improve the organization’s Information Security Management System (ISMS) in alignment with ISO 27001.
○ Support compliance efforts for HIPAA and SOC 2 frameworks.
○ Conduct risk assessments, document findings, and recommend remediation strategies.
○ Assist in preparing for internal and external audits.

● Offensive Security & Technical Security Testing
○ Perform internal and external penetration testing, including web, network, and cloud environments.
○ Conduct vulnerability assessments and report exploitable weaknesses.
○ Simulate real-world attack scenarios to test security controls and incident response readiness.

● Security Awareness & Incident Support
○ Work with cross-functional teams to improve security posture.
○ Contribute to security awareness training programs.
○ Assist in security incident investigations and root cause analysis.


Requirements

Required Qualifications
● Education: Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).

● Certifications:
○ Mandatory: ISO 27001 Lead Implementer (LI)
○ Offensive Security Certifications: CPPT, CWPTX or similar

● Experience:
○ 2–3 years in information security roles covering both compliance and offensive security.
○ Hands-on involvement in ISO 27001 implementation/maintenance, HIPAA, and SOC 2 compliance projects.
○ Experience performing penetration tests and vulnerability assessments.

Desired Skills:
● Knowledge of security standards such as NIST, CIS Controls, and GDPR.
● Strong report writing and communication skills for both technical and non-technical audiences.
● Understanding of incident response processes.


#J-18808-Ljbffr