Lead GRC Analyst

Job Requirements

Hires in: Not specified
Employment Type: Not specified
Company Location: Not specified
Salary: Not specified

About Contour
Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years.

As a subsidiary of Constellation Software Inc., we are proud to be part of a global enterprise software conglomerate that has grown to become one of the top 10 software companies in the world, with employees and customers in 100+ countries. With a broad-based and ever-growing portfolio of market-leading, vertical-market enterprise solutions covering more than 100 industry domains in predominantly mature markets, CSI's recipe creates the perfect environment for professionals to build fulfilling, long-term careers.

What started as an R&D & Accounting back-office, has progressed into a full-service Global Centre serving all functions and departments, at the divisional as well as operating group/corporate level. Today Contour employees, located in Karachi, Lahore & Islamabad, are serving CSI divisions located in time zones spanning the globe, from Sydney to Vancouver. With the global growth of Constellation as the wind in our sails, we are only just getting started!

Role Overview
The Lead GRC Analyst will be responsible for establishing and embedding a unified approach to information security governance, risk, and compliance across a diverse portfolio of software businesses operating globally. This individual will drive alignment across 31 business units towards a common ISO 27001-based Information Security Management System (ISMS), ensuring consistent application of cyber risk management practices, control implementation, and evidence collection.
This role is central to the company’s mission to mature its security posture as it continues its growth through acquisitions, integrating new entities into a cohesive, compliant, and well-governed ecosystem.

Key Responsibilities
1. Governance & ISMS Implementation
  • Lead the design, implementation, and ongoing management of a group-wide ISMS, aligned to the ISO 27001 framework.
  • Develop, publish, and maintain all information security and compliance policies, standards, and procedures for the group.
  • Establish governance structures for cyber and information security across the portfolio, including steering committees, reporting lines, and communication cadences.
  • Ensure each business unit maintains and evidences alignment with the group ISMS.

2. Risk Management
  • Develop and maintain the Group Cyber Risk Management Framework, integrating with existing enterprise risk processes.
  • Conduct and oversee risk assessments across all business units, ensuring consistent methodology, tracking, and remediation.
  • Facilitate CIS (Center for Internet Security) control reviews and maturity assessments, supporting business units to remediate identified gaps.
  • Establish cadence for cyber risk reviews, ensuring risk registers, control effectiveness, and mitigation plans are regularly updated and reported.

3. Compliance & Control Assurance
  • Define and manage the evidence collection process to demonstrate compliance with group-wide controls.
  • Monitor business units’ adherence to policies, standards, and control requirements - ensuring that “what they say they’re doing” is verified.
  • Coordinate periodic internal and external audits, manage findings, and track corrective actions.
  • Maintain visibility of global compliance posture and develop consolidated group reporting dashboards.

4. Cybersecurity Governance & Oversight
  • Partner with Group IT, Security, and Legal to ensure alignment of technical controls, regulatory compliance, and business risk appetite.
  • Manage cybersecurity reporting cadence, including key metrics, control compliance, risk trends, and remediation status.
  • Support incident response readiness and ensure GRC processes integrate with business continuity and disaster recovery planning.

5. Acquisition Integration
  • Support due diligence and post-acquisition integration from a GRC perspective, ensuring newly acquired entities align with the Group’s ISMS and control expectations.
  • Provide structured onboarding and gap analysis for new business units entering the group.

6. Training & Awareness
  • Lead group-wide initiatives to increase awareness of governance, risk, and compliance obligations.
  • Develop and deliver targeted training programs for security champions, IT leads, and management teams across BUs.

7. Regulatory & Jurisdictional Compliance Experience
  • Deep understanding of global information security, privacy, and data protection regulations, and how they apply across multiple jurisdictions.
  • Experience designing and implementing compliance frameworks that address local regulatory variations while maintaining alignment with group-wide standards.
  • Proven ability to interpret and operationalize requirements from frameworks and laws such as:
      • GDPR (Europe)
      • Australian Privacy Act
      • UK Data Protection Act
      • US-specific frameworks (CCPA, HIPAA, state-level cybersecurity laws)
      • APAC regional regulations (PDPA in Singapore, POPIA in South Africa, etc.)
  • Ability to coordinate with local legal, IT, and compliance teams to ensure appropriate governance and evidence collection for region-specific requirements.
  • Skilled in maintaining regulatory compliance registers, mapping controls to regulatory obligations, and integrating these into the ISMS.
  • Track record of managing multi-country compliance reporting and assurance programs, ensuring timely and accurate submissions for both internal and external stakeholders.

Experience & Qualifications
Essential Experience
  • 8+ years of experience in information security governance, risk, and compliance, ideally within multi-entity or multinational environments.
  • Proven experience building or managing an ISMS aligned to ISO 27001 (certification beneficial).
  • Strong background conducting CIS control reviews, risk assessments, and audit programs.
  • Experience in collecting and managing evidence of control application across distributed teams.
  • Understanding of cybersecurity frameworks and standards (NIST, CIS, ISO, SOC 2, GDPR, etc.).
  • Strong project management skills with ability to coordinate multiple initiatives across diverse stakeholders.

Desirable Experience
  • Experience in M&A or group-level integration of security governance frameworks.
  • Exposure to software/SaaS business models, cloud environments (AWS, Azure, GCP), and data protection regulations.
  • Certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CRISC or equivalent.

Skills & Attributes
  • Excellent communicator with strong stakeholder management across technical and non-technical teams.
  • Analytical and structured thinker, comfortable designing frameworks from the ground up.
  • Self-starter, able to operate autonomously and influence senior leadership.
  • Detail-oriented and diligent, with a focus on evidence, verification, and continuous improvement.

Key Performance Indicators
  • Group-wide alignment to ISO 27001 framework milestones.
  • Evidence of consistent CIS control implementation across all business units.
  • Measurable improvement in cyber risk maturity scores.
  • Reduction in audit findings and non-conformities.
  • Timely and accurate reporting of risk posture to Group leadership.

Exciting Benefits we offer:
  • Market-leading Salary
  • Medical Coverage – Self & Dependents
  • Parents Medical Coverage
  • Provident Fund
  • Employee Performance-based bonuses
  • Home Internet Subsidy
  • Conveyance Allowance
  • Profit Sharing Plan [Tenured Employees Only]
  • Life Benefit
  • Child Care Facility
  • Company Provided Lunch/Dinner
  • Professional Development Budget
  • Recreational area for in-house games
  • Sporadic On-shore training opportunities
  • Friendly work environment
  • Leave Encashment

Disclaimer: At Contour, we attribute our success to the unique contributions of our diverse staff. We’re committed to fostering a culture of respect that thrives on the varied perspectives and experiences of all individuals we recruit, employ, promote, and compensate. Since day one, we’ve adhered to a policy that champions a work environment honoring the worth and dignity of each person while being free from all forms of employment discrimination.
In our continuous effort to promote inclusivity, we extend our commitment to individuals with special needs by providing reasonable accommodations. We actively encourage qualified individuals with special needs to apply for the various openings within our company. Should you require assistance in completing the application process or have any inquiries regarding special facilities, please do not hesitate to contact our HR team. Your unique talents and abilities are welcomed and valued here.

© 2025 Qureos. All rights reserved.