InformationSecurityAnalyst

**Location:** Lahore, ## ## **Job Summary:** The Information Security Analyst will be responsible for providing key development, design, integration, and enhancement of information security governance and frameworks necessary to manage the risks and cyber security for the company. This position will ensure security controls are defined, optimized, and remain consistent throughout the organization and meet regulatory requirements and industry best practices such as PCI and IT SOX. ## **Responsibilities:** **_**Key Accountabilities:**_** * Develop and implement information security frameworks and controls such as ISO27001:2013, SAN Top 20, and OWASP Top 10 * Manage a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from internal customers, consultants, and service providers * Heavy responsibility on PCI and IT SOX compliance efforts * Establish baseline hardening standards for IT systems across organization * Ensure all systems are monitored by QRadar to aggregate logs, correlate events, and detect incidents * Enhance and expand patch management program, review the patches, evaluate the risk, and apply the patches using a risk based approach * Periodically update policies and procedures to ensure they accurately reflect business requirements an align to industry leading security practices * Participate in the development of Cyber Security awareness content * Conduct periodic vulnerability scanning process and penetration tests * Maintain a flexible work schedule to meet position demands for after-hours support ** _**Education and Experience:**_** * Bachelor’s degree in computer science or related field * 3+ years of experience in information security * CISSP, CISA, or CISM preferred * Experience with developing security framework such as ISO, PCI, and IT SOX audit requirements and security attack vectors * Experience with data classification, access control, and security models * Experience with implementi