Cybersecurity Officer - Risk Management & Compliance - TJ / 1834584

Our client Riphah International University is looking for a Cybersecurity Officer - Risk Management & Compliance in Islamabad

Riphah International University is seeking a dedicated Information Security, to responsible for protecting the organization’s information assets, IT infrastructure, and data from internal and external threats. The role ensures the confidentiality, integrity, and availability of systems and information by implementing and maintaining security policies, procedures, and controls in line with regulatory and business requirements.

Job Requirements

• Bachelor’s degree in Information Security, Computer Science, IT, or related field.
• 3 to 5 years of experience in information security or cybersecurity roles.
• Strong knowledge of network security, firewalls, encryption, and security frameworks.
• Hands-on experience with security tools (SIEM, DLP, EDR, etc.).
• Understanding of risk management and compliance requirements.
• Analytical and problem-solving skills
• Strong communication and reporting abilities
• Preferred Certifications: CISSP, CISM, CEH, ISO 27001 Lead Implementer / Lead Auditor
  
  

Responsibilities

• Develop, implement, and maintain information security policies, standards, and procedures.
• Establish and maintain an Information Security Management System (ISMS).
• Conduct risk assessments and recommend mitigation strategies and maintain a risk register and track risk treatment plans.
• Ensure compliance with regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI-DSS).
• Prepare for internal and external audits and address audit findings and ensure corrective actions are implemented.
• Manage incident response, including investigation, documentation, and resolution.
• Lead incident response activities, investigations, and reporting.
• Perform periodic security audits, vulnerability assessments, and penetration testing.
• Validate fixes and ensure no residual vulnerabilities remain.
• Monitor emerging cybersecurity threats and recommend appropriate mitigation strategies.
• Coordinate with IT, compliance, and management teams to strengthen security posture.
• Prepare incident reports for management and regulators.
• Implement data classification and data handling standards.
• Ensure encryption of sensitive data at rest and in transit and ensure secure data backup and recovery mechanisms.
• Ensure security controls are integrated into BCP and DR plans.
• Maintain business continuity and disaster recovery security controls.
• Conduct periodic security awareness training for employees.
• Provide specialized training for IT and privileged users.
• Manage Security Operations Center (SOC) activities.
• Manage endpoint, firewall, IDS/IPS, SIEM, and other security tools.
• Review firewall, IDS/IPS, VPN, and endpoint security logs.
• Oversee access control management and identity governance.
• Review security posture of vendors and service providers.
• Ensure security clauses in contracts and SLAs.
• Prepare monthly reports.