GRC Analyst

Join to apply for the GRC Analyst role at Contour Software.

Get AI-powered advice on this job and more exclusive features.

About Contour

Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years.

As a subsidiary of Constellation Software Inc., we are part of a global enterprise software conglomerate that has grown to become one of the top 10 software companies worldwide, with employees and customers in 100+ countries. We offer a broad portfolio of market-leading enterprise solutions across more than 100 industry domains.

Our team in Karachi, Lahore & Islamabad supports CSI divisions globally, from Sydney to Vancouver, providing full-service solutions and supporting our global growth.

The Division

Vela Software, a subsidiary of Constellation Software, acquires and manages software businesses that provide mission-critical solutions, helping companies grow through organic initiatives and strategic acquisitions.

The Position

As an ITIS Audit Officer, you will support companies within the VELA group to meet regulatory and compliance requirements, including ISO27001 Audit, PCI DSS, and Vela compliance standards. You will work with IT, customer support, development teams, and Vela GRC, based out of Lahore, as part of the resource center and G&A department.

Responsibilities

• Document and implement information security policies and standards related to PCI-DSS and NIST CSF compliance for specific business units.
• Lead PCI-DSS compliance initiatives, monitor, and report gaps to management.
• Review information systems, IT practices, and SDLC processes to ensure compliance with GDPR, ISO, PCI-DSS, and Vela security frameworks.
• Conduct risk assessments, identify potential risks, and work with risk owners to mitigate them.
• Collaborate with IT TechOps and security teams to monitor risks, compliance, and develop countermeasures.
• Monitor security logs and SIEM/IDS systems to ensure incidents are logged, monitored, and responded to promptly.
• Evaluate security measures to protect against threats to PII, PCI, and other sensitive data.
• Manage external audits, oversee findings, and ensure corrective actions are implemented.
• Provide security awareness and compliance training to IT staff and end-users.

Qualifications

• Bachelor's in IT or related field.
• Minimum 3+ years in Information Security Risk or Cyber Security Risk roles.
• Knowledge of cloud environments (AWS, GCP, Azure) and cloud governance.
• Experience in e-commerce and PCI-DSS V3.2.1/4.0.
• Understanding of industry best practices (NIST, ISO, SANS, COBIT) and compliance requirements (PCI, CCPA, GDPR).
• Knowledge of SDLC and security validation processes.
• Excellent communication skills.
• Ability to facilitate cross-functional teams and translate business requirements into controls.
• Strong project management skills.

Good to Have

• Experience with PCI-DSS v4.0.
• Experience with GRC tools like ServiceNow, RSA Archer.

Benefits

• Competitive salary and medical coverage.
• Provident fund, bonuses, and profit sharing.
• Home internet subsidy, conveyance allowance, and life benefits.
• Child care, company-provided meals, and professional development budget.
• Recreational facilities and training opportunities.

Disclaimer

We value diversity and are committed to an inclusive environment. We encourage qualified individuals with disabilities to apply and will provide reasonable accommodations during the hiring process.

• Mid-Senior level

• Full-time

• Business Development and Sales

• IT Services and IT Consulting