Security Officer (CISO)

Responsibilities:

• Ensure the company's compliance with IT and security regulations set by regulatory bodies (including the central bank and financial industry security standards). Maintain corporate compliance and collaborate with regulators.
• Conduct regular or ad-hoc internal IT and security compliance assessments. Support internal and external IT audits and security audits.
• Be responsible for the daily operations of office security, host security, and network security equipment.
• Monitor, rapidly respond to, and handle public opinion risks related to the company's brand.
• Support internal cybersecurity work, such as handling security incidents and addressing security inquiries.
• Conduct company-wide security awareness training for local colleagues.
• Coordinate risk requirements with local GR, Legal, Finance, Business, and Technology departments. Develop requirement documents and collaborate to complete security and risk management resolution processes.
• Daily Regulatory Liaison & Compliance Response: Communicate regularly with regulators to ensure compliance materials prepared by the Beijing team are correctly interpreted. As the local security manager, demonstrate security systems to regulators and explain security management frameworks and processes.
• Host Risk Operations: Demonstrate and utilize HIDS/WAF system alerts, handle technical compliance checks from regulators, and communicate compliance requirements from regulators and partners.
• Office Security Management: Promote the installation coverage of EDR/DLP, participate in local installation and daily operations, handle phishing emails for local employees, report threats promptly, and participate in emergency response.
• Daily Risk Management: Handle public opinion alerts, proactively identify mainstream social media fraud risks, address frontline risk and public opinion needs from customer service, collect improvement requirements from the local risk management team, and assist the Beijing team in implementing security systems and measures.

Qualifications

• :Bachelor's degree or higher in Computer Science, Information Security, or a related field
• .8+ years of relevant experience in security compliance and security auditing. Familiar with security standards such as ISO27001, PCI-DSS, BCM, and knowledgeable about Pakistan's IT/security laws and regulations
• .Experience with security compliance and governance in large organizations
• .Experience in cooperating with regulatory agencies on IT and security compliance matters
• .Experience in handling security incidents and writing security reports for management
• .Security certifications such as CISA, CISM, or CISSP are preferred
• .Good communication and management skills. Proficiency in Chinese is a plus
• .Familiar with security management and hardening of mainstream operating systems like Windows and Linux
• .Familiar with the principles and operations of common network security products (e.g., Firewall, EDR, WAF, VPN, Jump Server, Vulnerability Scanner, etc.)
• .Familiar with common network security incident response processes

.