
Zong CMPak Ltd
Job Title: Assistant Manager IT – Information Security
Department: BSS & IT Infrastructure Department
Reporting to: Manager IT Governance & Security
Location: Islamabad
Job Type: Permanent
Job Purpose:
Responsible for our growing IT Security GRC program, with the ability to quickly ramp up on the security requirements needed to achieve and implement policies and security controls in line with global standards.
Job Responsibilities:
- Development, implementation and enforcement of policies, procedures and guidelines to ensure effective IT security across CMPak.
- Ensure that IT Security Program documentation is properly maintained as changes occur and that new documentation is developed in a timely manner as required and to agreed standards.
- Periodic risk assessment exercises of existing Business / Operations Support Systems, applications, portals, network & infrastructure assets and business processes at planned intervals and when significant changes are proposed or occur.
- Build a plan to ensure that the identified risks and vulnerabilities are appropriately mitigated through timely implementation of acceptable controls / countermeasures.
- Ensure that all non-conformity and corrective actions are managed and implemented in a timely manner; and generally that a pro-active culture of continual improvement is encouraged and evidenced.
- Ensure that all IT Security related incidents are documented appropriately, thoroughly analyzed along with qualified evidence and properly followed up as and when required.
- Strong Analytical skills to analyze behavior, logs and events in network security devices like NG Firewalls, Intrusion Detection / Prevention Systems, Virtual Private Network (VPN) Systems and Web Application Firewalls (WAF) etc.
- In-depth knowledge of IT technologies including (but not limited to) Routing & Switching in LAN/WAN architectures, WLAN, Radius, SSO/SAML, Cloud Platform, Identity Access Management, SDLC, Data Loss Prevention (DLP), Microsoft Technologies (Active Directory, IIS, ISA, DNS, SQL) & Linux etc.
- Serve as a focal point to liaise and foster good working relationships with Internal Audit / External Audit teams and other stakeholders (both internal and external) on required security assessments and management reviews.
- Recommend best tools, solutions, capabilities, processes, practices, and standards after proper R&D to ensure effective and efficient implementation of IT Security related projects.
- To evaluate, prepare and provide recommendations and periodic updates to Senior Management on the IT security related initiatives and adequacy of security controls as well as progress reviews of various projects.
- Conduct Training Needs Assessment (TNA) for employees to keep them abreast of the latest IT security requirements to strengthen the overall security posture of CMPak.
- Ensuring the development and effective implementation of IT security awareness program.
- Any other task assigned by the Line Management.
Eligibility Criteria (Education, Knowledge, Experience and Skills):
Education:
- Minimum Bachelor’s Degree preferably in Computer Science / IT / IS (MS Information Security would be preferred).
- Candidates with CISSP / CISM / CISA / CCSP / CGEIT or any equivalent internationally accredited certification would be preferred.
Work Experience:
- At least 4-6 years of experience relevant to the Information Security & Governance domain.
Skills – Job Specific:
- Must have a proven track record of performing comprehensive security assessments of IT or Telecom systems.
- Must have a proven track record of implementing IT security vulnerability mitigation plans.
- Must have a strong background in network and network security related concepts.
- Solid understanding of data handling best-practices and information management and governance.
- Thorough knowledge of regulatory requirements and industry standards regarding Information Security.
- Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks.
- Must be familiar with ISO 27001, ISO 27002, COBIT, NIST, CMMI & ITIL.
Skills – Job Generic:
- Thorough attention to detail.
- Critical thinking and multi-tasking.
- Business communication & presentation skills.
- Proactive, solution focused and service oriented.
- Interactive personality with stakeholder management ability.
- Systematic, logical and takes responsibility for own work.
- Ability to work in a challenging & dynamic environment.
- Result oriented, self-motivated and meets targets on time.