IT Security Specialist

Contour Software has grown significantly over the past decade.

We are a subsidiary of a global enterprise software conglomerate that has become one of the top 10 software companies in the world, with employees and customers across 100+ countries. With a broad-based and ever-growing portfolio of market-leading, vertical-market enterprise solutions covering more than 100 industry domains in predominantly mature markets, we create an ideal environment for professionals to build fulfilling, long-term careers.

Our division has progressed from an R&D & Accounting back-office to a full-service Global Centre serving all functions and departments at the divisional as well as operating group/corporate level. Today our employees, located in Karachi, Lahore & Islamabad, serve divisions spanning time zones worldwide, from Sydney to Vancouver. We are just getting started.

The Division:

We acquire, manage, and build software businesses that provide specialized, mission-critical software solutions. We help companies grow through organic initiatives and seek acquisitions that strengthen their market position.

The Position:

As ITIS Audit Officer, you will support companies within our group to meet regulatory and compliance requirements specifically ISO27001 Audit, PCI DSS, and assist in meeting Vela compliance requirements by working with business units IT, customer support, development teams, and Vela GRC. We look for individuals who can solve complex problems quickly and have strong ethical values.

You will be located and work out of our Lahore office, part of the resource-center as an extension of the division-based G&A department.

Responsibilities:

1. Document and implement information security policies and standards (related to PCI-DSS and NIST CSF compliance requirements) specific to certain business units.
2. Lead the PCI-DSS compliance initiatives, monitor, and report gaps in compliance to management.
3. Review information systems, IT and SSDLC practices to ensure compliance with business unit's GDPR/ISO/PCI-DSS requirements as well as Vela security framework requirements including processes, standards, policies, and procedures.
4. Conduct risk assessments to identify potential risk events and assist with quantifying their probability of occurrence and impact on the business and work with risk owners in mitigating those risks.
5. Collaborate with IT TechOps and security team to monitor risks and compliance status, report and develop countermeasures and contingency plans.
6. Monitor security logs of anti-virus and SIEM/IDS to verify that all systems are up-to-date and all incidents are being logged, monitored, and responded to as per policy requirements.
7. Monitor and evaluate security measures in collaboration with the IT TechOp team to protect against reasonably anticipated threats or hazards to the privacy, security, or integrity of protected information (PII, PCI).
8. Manage external audits and assessments, oversee audit findings and management actions plans. Ensure corrective actions are taken. Work with risk owners in developing risk treatment plans, estimations, follow-up, and report status on action plans.
9. Perform tasks as set forth by the management team.
10. Provide security awareness and compliance trainings to the IT team as well as end-users in line with the PCI-DSS requirements.

Qualification(s):

• Bachelor's Degree in Information Technology or related technical field.
• Candidate should have a minimum of 3+ years either Information Security Risk or Cyber Security Risk experience.
• Must have knowledge of cloud-based environments (AWS, GCP, Azure, etc.) with cloud governance experience.
• Must have experience in working in e-commerce environments and PCI-DSS V3.2.1/4.0.
• Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT) and Legislative and Regulatory and Industry Compliance Requirements (PCI, CCPA, GDPR etc.).
• Clear understanding of SDLC process and how Security validation is tied to that.
• Must have exceptional written, verbal, and presentation communication skills.
• Ability to facilitate cross-functional teams.
• Ability to translate business requirements into control objectives.
• Strong project management skills.

Good to Have:

• Experience with PCI-DSS v4.0
• Experience of GRC Tools (such as Service Now, RSA Archer)

Benefits we offer:

• Medical Coverage - Self & Dependents
• Parents Medical Coverage
• Provident Fund
• Employee Performance-based bonuses
• Home Internet Subsidy
• Conveyance Allowance
• Profit Sharing Plan [Tenured Employees Only]
• Child Care Facility
• Company Provided Lunch/Dinner
• Professional Development Budget
• Recreational area for in-house games
• Sporadic On-shore training opportunities
• Friendly work environment
• Leave Encashment

About Us:

We attribute our success to the unique contributions of our diverse staff. We're committed to fostering a culture of respect that thrives on the varied perspectives and experiences of all individuals we recruit, employ, promote, and compensate. Since day one, we've adhered to a policy that champions a work environment honoring the worth and dignity of each person while being free from all forms of employment discrimination.

In our continuous effort to promote inclusivity, we extend our commitment to individuals with special needs by providing reasonable accommodations. We actively encourage qualified individuals with special needs to apply for the various openings within our company. Should you require assistance in completing the application process or have any inquiries regarding special facilities, please do not hesitate to contact our HR team. Your unique talents and abilities are welcomed and valued here.