ASSISTANT MANAGER - INFORMATION SECURITY

GENERAL PURPOSE:

The Assistant Manager – Information Security is responsible for supporting the development, implementation, and management of the organization’s information security program. The role ensures protection of systems, data, and networks against evolving cyber threats while maintaining compliance with internal policies, regulatory standards, and industry best practices.

Solid IT security experience, with at least 3 years in an information security role would be desirable.

JOB RESPONSIBILITIES & AUTHORITIES:

Security Operations & Monitoring

• Oversee daily security operations, including threat monitoring, incident detection, and response.
• Manage and monitor SIEM, firewalls, intrusion detection/prevention systems, endpoint protection, and antivirus solutions.
• Conduct vulnerability assessments and coordinate timely remediation with relevant teams.

Incident Response & Risk Management

• Lead initial response for security incidents and support forensic investigations.
• Identify risks and recommend mitigation measures to strengthen IT security posture.
• Document incidents and prepare root-cause analysis reports.

Policy & Compliance

• Support the development and enforcement of information security policies, procedures, and standards.
• Ensure compliance with regulatory frameworks such as HIPAA, GDPR, ISO 27001, or local data protection laws.
• Conduct periodic audits to verify compliance across departments.

Awareness & Training

• Conduct user awareness campaigns on phishing, social engineering, and secure data handling.
• Provide guidance to staff on information security best practices.

Collaboration & Governance

• Work closely with Infrastructure, Applications, and Support teams to ensure security is integrated into all IT processes.
• Collaborate with vendors and service providers to strengthen endpoint and network security.
• Assist in preparing security updates for management and IT steering committees.

Project Support

• Contribute to IT and security projects, ensuring security by design.
• Support deployment of new technologies with strong security alignment.

COMPETENCY MATRIX:

Key Skills & Competencies

• Strong knowledge of network and system security concepts, tools, and practices.
• Hands-on experience with firewalls, SIEM, endpoint security, and vulnerability management.
• Familiarity with incident response frameworks and business continuity planning.
• Understanding of compliance standards (ISO 27001, NIST, HIPAA, GDPR, PCI-DSS).
• Analytical thinking and problem-solving skills.
• Strong communication and stakeholder management abilities.

Management Skills

• Communication & Interpersonal skills.
• Time Management skills

Key Attributes

• Should have positive attitude.
• Responsible towards the task.
• Cool tempered

Qualification: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (Master’s preferred)

Experience: 4-6 years’ relevant experience

Age: Minimum 28 years

Training/Courses: CISM, CISSP, CEH, CompTIA Security+, ISO 27001 Lead Implementer

Domicile: Sindh

Gender: Male / Female

Location: Karachi