Information Security Analyst

<p style="text-align:left"><b>Location: </b></p>Lahore,<h2></h2><h2><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span class="emphasis"><b>Job Summary:</b></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></h2>The Information Security Analyst will be responsible for providing key development, design, integration, and enhancement of information security governance and frameworks necessary to manage the risks and cyber security for the company. This position will ensure security controls are defined, optimized, and remain consistent throughout the organization and meet regulatory requirements and industry best practices such as PCI and IT SOX.<span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><span><h2><br><span><span><span><span class="emphasis"><b>Responsibilities:</b></span></span></span></span></h2></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><p><b><u><b>Key Accountabilities:</b></u></b></p><ul><li>Develop and implement information security frameworks and controls such as ISO27001:2013, SAN Top 20, and OWASP Top 10</li><li>Manage a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from internal customers, consultants, and service providers</li><li>Heavy responsibility on PCI and IT SOX compliance efforts</li><li>Establish baseline hardening standards for IT systems across organization</li><li>Ensure all systems are monitored by QRadar to aggregate logs, correlate events, and detect incidents</li><li>Enhance and expand patch management program, review the patches, evaluate the risk, and apply the patches using a risk based approach</li><li>Periodically update policies and procedures to ensure they accurately reflect business requirements an align to industry leading security practices</li><li>Participate in the development of Cyber Security awareness content</li><li>Conduct periodic vulnerability scanning process and penetration tests</li><li>Maintain a flexible work schedule to meet position demands for after-hours support</li></ul><p></p><p><b><u><b>Education and Experience:</b></u></b></p><ul><li>Bachelor’s degree in computer science or related field</li><li>3+ years of experience in information security</li><li>CISSP, CISA, or CISM preferred</li><li>Experience with developing security framework such as ISO, PCI, and IT SOX audit requirements and security attack vectors</li><li>Experience with data classification, access control, and security models</li><li>Experience with implementing and managing DLP, FIM, Application Whitelisting, and ERM tools</li><li>Experience with various authentication protocols and encryption algorithms</li></ul><p></p><p><b><u><b>Skills and Behaviors:</b></u></b></p><ul><li>Strong analytical and problem solving skills</li><li>Ability to work effectively will people at various levels throughout the organization</li><li>Must be able to work well under pressure, grasp new ideas quickly, think outside the box, and be able to follow up in a dynamic environment</li><li>Strong multi-tasking skills in a fast paced environment</li><li>Thorough understanding of the TCP/IP suite</li><li>Strong team player</li><li>Work well independently with minimum supervision</li><li>Excellent verbal and written communication and interpersonal skills</li></ul>