Position Details: Information Security Engineer - Compliance

Location: Lahore, Punjab
Openings: 1
Salary Range:

Description:

KUALITATEM is a global Consulting, Audit, and Assurance company specializing in Software Quality Assurance, Information Security, Technology Process Optimization & Cloud Infrastructure. Kualitatem is an ISO 9001:2015 and ISO 27001:2013 certified company. 

Required Experience - 3-5 Years

Department - Information Security

Reporting - HOD

Job Description

  • Responsible for taking up external and internal projects at Kualitatem. 

  • External projects will be client projects covering compliance with, and assurance of, the desired information security standards. 

  • Similarly, internal projects may include compliance and assurance on the company's adopted information security standards. 

  • Client projects will require travel within Pakistan and abroad for the successful completion of the tasks. 

  • Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle

  • Conducting thorough Risk Assessment and Threat Modelling exercises for various clients 

  • Identifying major risk factors for IS/IT Governance and developing and coordinating the implementation of strategies to reduce/remediate process, operational, regulatory, and compliance risks. 

  • Provide hands-on support and oversight to the Company’s and its Clients’ various IT/IS audit projects, including audits of its internal controls 

  • Enable clients to meet various standards by performing Internal Audits and Gap Assessments and then building controls for compliance.

  • Reviewing, revising, and, where appropriate, proposing new policies and procedures to ensure compliance with applicable laws and regulations or standards. 

  • Deliver security services such as GRC Audit and Implementation to Clients, which includes technical security assessments of applications and infrastructure, security design reviews as well as risk assessments.  

  • Perform application and infrastructure Cyber Security Assessments, as well as physical security review and social engineering tests for our global clients. 

  • Ensuring that the appropriate IT controls are considered throughout new system implementation projects and reviewing documentation for new IT processes that impact compliance, as required.

  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets. 

Required Skillset

  • Master’s or Bachelor's degree in business / IT, with IT audit or compliance experience, or computer science, with business and IT audit or compliance experience desired

  • Knowledge and understanding of ISO 27001, ISO 9001, GRC, NIST and SOC-2 information security standards

  • Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired

  • Minimum five years' experience conducting security control assessments or audits

  • Minimum two years' experience developing or managing a security awareness program

  • At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISSAP) highly desired

  • Strong oral and written communication skills

  • Ability to maintain security documentation and manuals

  • Must have strong analytical and critical-thinking skills

  • High level of attention to detail and focus on the end goal 

  • Self-starter with ability to work independently, multi-task and adjust to shifting priorities
