Job Scale/Grade: Up to M5
Min. Experience Required: Minimum of 5 (five) years' relevant working experience, preferably with/in a bank/FI/DFI in Pakistan.
Vacancies/Slots: 1 (Islamabad)
Key Responsibilities
Develop, review, and revise policies, procedures, and processes, and validate them against conformity objectives.
Direct core cybersecurity operations: Security Operations Center (SOC), incident response, vulnerability assessment and penetration testing (VAPT).
Mentor, build, and operationalize teams responsible for SOC, IR, VAPT, and technical assessment.
Provide, develop, or define security baseline standards for information assets, ensure and monitor their implementation, and re-validate them at regular intervals.
Oversee response to security incidents and orchestrate forensic analysis, root-cause investigation, and coordination with stakeholders.
Strengthen the threat detection and response capability by continuously enhancing detection and regularly assessing it through Red Team/Blue Team exercises.
Lead technical proof-of-concepts (POCs), evaluate emerging security tools, and recommend best-fit controls and vendors to the CRO to strengthen the security posture.
Lead vulnerability assessment and penetration testing activities and provide guidance on identification, analysis, prioritization, and remediation of vulnerabilities.
Identify and remediate gaps in the implementation of technical security controls under the IS function to ensure they are fully effective and delivering the intended protection.
Enhance operational capabilities by driving continuous improvement and encouraging innovation across all cybersecurity functions.
Support the CRO in reporting cyber risks and mitigation plans to executive leadership.
Coordinate with internal and external stakeholders, including procurement for renewals and new security projects, legal teams for SLAs and contracts, and audit, compliance, and GRC functions to support reviews, assessments, and evidence collection.
Develop and implement, together with suitable materials, an information security awareness and training program and deliver it to the entire network.
Review access management and identify anomalies in systems and data; maintain the SOD matrix in line with the information security policy.
Any other task assigned by line management.
Core Competencies
Deep expertise in managing SOC platforms, SIEM tools, endpoint protection, threat hunting, and network security operations.
Proven experience in VAPT, red teaming, and application/infrastructure penetration testing.
Solid understanding of Privileged Access Management tools and best practices.
Practical track record in conducting technical POCs, evaluating security controls, and advising CISO-level stakeholders.
Hands-on experience in incident handling, forensic investigation, disaster recovery, and resilience planning.
Knowledge of security regulations, data privacy laws, and cyber risk frameworks (e.g., NIST, ISO 27001).
Extensive knowledge of Network Security.
Comprehensive knowledge of IT System Security.
Clear understanding of Governance Framework, Operations & BCP.
Effective communication and interpersonal abilities.
Familiarity with industry regulations and best practices.
Proven track record in process improvement and risk management.
Excellent leadership, communication, and interpersonal skills.
Ability to operate strategically and execute with a strong attention to detail.
Demonstrated capability in managing security operations centers, vulnerability management programs, and incident response.
Proven ability to handle security breaches, audits, and regulatory scrutiny.
Qualification:
Minimum of 16 (sixteen) years' education, having majored in IT, Systems, Computer Engineering, Software Engineering and/or Information Security, from a leading international or local university recognised by the Higher Education Commission (H.E.C.) of Pakistan.