Jobs in Zong Franchise – Executive Financial Operations | Islamabad

Zong CMPak Ltd

Job Title: Assistant Manager IT – Information Security

Department: BSS & IT Infrastructure Department

Reporting to: Manager IT Governance & Security

Location: Islamabad

Job Type: Permanent

Job Purpose:

Responsible for our growing IT Security GRC program that has the ability to quickly ramp up on Security requirements needed in order to achieve and implement Policies & Security controls in line with Global Standards.

Job Responsibilities:

  • Development, implementation and enforcement of policies, procedures and guidelines to ensure effective IT security across the CMPak.
  • Ensure that IT Security Program documentation is properly maintained as changes occur and that new documentation is timely developed as required and to agreed standards.
  • Periodic risk assessment exercises of existing Business / Operations Support Systems, applications, portals, network & infrastructure assets and business processes at planned intervals and when significant changes proposed or occurs.
  • Build a plan to ensure that the identified risks and vulnerabilities are appropriately mitigated through timely implementation of acceptable controls /countermeasures.
  • Ensure that all non-conformity and corrective actions are managed and implemented in a timely manner; and generally that a pro-active culture of continual improvement is encouraged and evidenced.
  • Ensure that all IT Security related incidents are documented appropriately, thoroughly analyzed along with qualified evidences and properly followed-up as and when required.
  • Strong Analytical skills to analyze behavior, logs and events in network security devices like NG Firewalls, Intrusion Detection / Prevention Systems, Virtual Private Network (VPN) Systems and Web Application Firewalls (WAF) etc.
  • In-depth knowledge of IT technologies including (but not limited to) Routing & Switching in LAN/WAN architectures, WLAN, Radius, SSO/SAML, Cloud Platform, Identity Access Management, SDLC, Data Loss Prevention (DLP), Microsoft Technologies (Active Directory, IIS, ISA, DNS, SQL) & Linux etc.
  • Serve as a focal point to liaison and foster good working relationships with Internal Audit / External Audit teams and other stakeholders (both internal and external) on required security assessments and management reviews.
  • Recommend best tools, solutions, capabilities, processes, practices, and standards after proper R&D to ensure effective and efficient implementation of IT Security related projects.
  • To evaluate, prepare and provide recommendations and periodic updates to Senior Management on the IT security related initiatives and adequacy of security controls as well as progress reviews of various projects.
  • Conduct Trainings Need Assessment (TNA) for employees to keep them abreast with the latest IT security requirements to strengthen overall security posture of CMPak.
  • Ensuring the development and effective implementation of IT security awareness program.
  • Any other task assigned by the Line Management.

Eligibility Criteria (Education, Knowledge, Experience and Skills):


  • Minimum Bachelor’s Degree preferably in Computer Science / IT / IS (MS Information Security would be preferred).
  • Candidates with CISSP / CISM / CISA / CCSP / CGEIT or any equivalent internationally accredited certification would be preferred

Work Experience:

  • At least 4-6 years experience relevant to Information Security & Governance domain.

Skills ƒ?? Job Specific:

  • Must have proven track record of performing comprehensive security assessment of IT or Telecom systems.
  • Must have proven track record of implementation of IT security vulnerabilities mitigation plans.
  • Must have strong background of network and network security related concepts.
  • Solid understanding of data handling best-practices and information management and governance.
  • Thorough knowledge of regulatory requirements and industry standards regarding Information Security.
  • Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks.
  • Must be familiar with ISO 27001, ISO 27002, COBIT, NIST, CMMI & ITIL.

Skills ƒ?? Job Generic:

  • Thorough attention to details.
  • Critical thinking and multi-tasking.
  • Business communication & presentation skills.
  • Proactive, solution focused and service oriented.
  • Interactive personality with stakeholder management ability.
  • Systematic, logical and takes responsibility for own work.
  • Have ability to work in challenging & dynamic environment
  • Result oriented, self-motivated and meets targets on time.

Leave a Comment