Manager / Sr. Manager Information Security Governance & Architecture

Job Purpose:

The Manager / Senior Manager, Information Security – Governance & Architecture is responsible for shaping and driving the organization’s Cybersecurity governance, risk, compliance, and enterprise security architecture. The role ensures that policies, controls, and security designs are aligned with international standards (ISO, PCI DSS, CIS, NIST) and local regulatory requirements (PTA CTDISR, Pakistan Cloud First Policy, etc.)

This position plays a critical role in enabling secure digital transformation by embedding Cybersecurity by-design into technology initiatives, while also ensuring the organization’s risk posture is well-governed and resilient against evolving threats.

Key Responsibilities

Cybersecurity Governance, Risk & Compliance (GRC)

•Lead the Cybersecurity governance framework, ensuring alignment with global standards (ISO 27001, PCI DSS, CIS, NIST CSF) and local telecom/digital & Cloud regulatory requirements (PTA CTDISR, Pakistan Cloud First Policy, etc.).

• Develop, maintain, and enforce Cybersecurity policies, standards, and control frameworks.

• Drive organization-wide cyber risk assessments and ensure mitigation plans are embedded into business and Technology strategies.

• Oversee internal and external vulnerability assessments, penetration testing, and business risk reviews for critical applications and infrastructure.

• Act as the primary liaison with internal and external auditors, regulators, and compliance bodies.

Security Architecture & Strategy

•Translate business strategies and digital initiatives into Cybersecurity architecture requirements and secure solutions.

• Plan and sign off on security design reviews for projects and system implementations.

• Recommend and validate security controls to protect critical applications, networks, and cloud platforms.

• Define phased strategies to achieve Cybersecurity risk and compliance objectives within deadlines.

• Provide expert advice on emerging cyber threats, vulnerabilities, and security technologies, ensuring the enterprise architecture remains robust and resilient.

Leadership & Collaboration

• Collaborate with IT, Digital Technology & Engineering Technology teams to ensure Cybersecurity-by-design principles are embedded in new solutions.

• Work closely with the SOC Operations team to ensure that governance, architecture, and controls effectively support threat monitoring, incident detection, and response.

• Develop cross-functional capabilities, including cyber awareness, governance best practices, and lifecycle information management standards.

• Inspire, influence, and engage senior stakeholders to make informed decisions on Cybersecurity risks and investments.

Education:

• Minimum Experience: 4 yrs. or Above

Experience:

• Minimum of Bachelors degree preferably in IS, Computer Science etc. with relevant experience of IS.
• Preferred skills: Proven Skills of Data Protection & Privacy to ensure the Confidentiality & Integrity of Subscriber Data.
• Familiarity with Cloud, 5G, IOT, DevOps, Artificial Intelligence (AI) and Critical Infrastructure Security challenges.
• Industry Cybersecurity certifications like CISSP, CCSP, CRISC, ISO27001, OSCP would be preferred.