Qureos

Assistant Manager IS GRC

Job Title: Assistant Manager IS GRC

Department: Information Security

Grade: OG-I

Reports to: Manager GRC


About the Role:

The role is responsible for supporting the organization’s Information Security Governance, Risk, and Compliance (GRC) function to ensure compliance with regulatory, contractual, and internal security requirements.


Job Responsibilities:


  • Support implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in line with ISO/IEC 27001 requirements.
  • Assist in risk assessments, risk treatment plans, and maintenance of the Information Security Risk Register.
  • Support compliance with State Bank of Pakistan (SBP) Cyber Security Framework, policies, and regulatory directives.
  • Assist in PCI DSS, SOX, ITGC and other regulatory or audit-related activities, including evidence collection and tracking of remediation actions.
  • Coordinate internal and external security audits, regulatory inspections, and management reviews.
  • Support third-party / vendor risk management, including security due diligence, risk assessments, and onboarding/offboarding reviews.
  • Assist in reviewing and updating information security policies, standards, procedures, and SOPs.
  • Participate in security awareness and phishing simulation programs, including reporting and metrics.
  • Maintain compliance documentation, dashboards, KPIs, KRIs, and management reporting.
  • Coordinate with IT, SOC, application teams, and business units on GRC-related requirements and observations.
  • Perform any other GRC-related tasks assigned by the Manager GRC.


Job Requirements:


  • Bachelor’s degree in computer science, IT, or a related discipline with 5+ years of relevant cybersecurity governance experience, preferably in the banking industry.
  • Exposure to regulatory audits, ISO 27001, SBP requirements, or PCI DSS is highly desirable.
  • Relevant certifications, ISO 27001 (LI/LA) and CISA, are preferred.
  • Proven knowledge of SBP cybersecurity regulations, guidelines, and compliance requirements.
  • Ability to manage and track cybersecurity action plans, risk registers, and remediation activities.
  • Strong analytical, documentation, and communication skills to engage with technical teams, auditors, and senior management.
  • Ability to work independently on critical and time-sensitive tasks based on management direction.
  • Statements in this document are intended to reflect, in general, the role and responsibilities of the position, but are not to be interpreted as totally inclusive.


About MMBL:


Mobilink Microfinance Bank Ltd. is providing banking services to over 48 million registered users including 20+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 114 branches and 270,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan instalments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.


Why Join MMBL?


This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavor.

© 2026 Qureos. All rights reserved.