Analyst, Information Security Office (Information Technology) – Aga Khan University

Job Description
You are responsible for assisting in managing Global Information Security and protecting AKU’s enterprise infrastructure, digital information and business continuity globally through strong and effective security practices.
You will also need to ensure that adequate and effective security processes and controls are followed and aligned to deliver compliance with the security policy and regulatory requirements of each region.

Responsibilities:
Your responsibilities include, but are not limited to:
Assist in preparation, assessment and enforcement of information security policies, standards, guidelines and procedures. Perform IS policy and procedures gap assessments against information security, regulatory requirements and governance standards, for example ISO 27001:2013, COBIT, PCI-DSS etc. Ensure that information security policy and relevant procedures are updated, reviewed and approved by the management at the defined frequency and are in compliance with applicable privacy and identity theft laws and other regulations.
Perform technology and information security risk assessments.
Liaise with IT and internal/external audit teams during information systems audits. Work as a central point of contact from IT to ensure appropriate flow of information to the audit team without any delay. Work with the IT team for successful closure of the audit observations for all sites (Pakistan, East Africa, UK and Afghanistan).
Actively participate in the Security Incident Response Team (SIRT).
Perform internal assessments and identify gaps in current documentation and operations. Work with IT teams to fix these gaps.
Work with other teams in technology, internal audit and vendors to ensure that AKU-wide information security requirements are incorporated into the rollout of new systems.
Perform and maintain information/data classification policy and procedure. Educate IT and business users and ensure all critical information assets are classified properly.
Review of audit logs for critical applications, databases, OS and networks.
Participate in planning and implementation of AKU-wide security awareness and education programs that are aligned with global security policy, standards, regulatory requirements, and industry practices.
Work with business functional leads and technology team leads to ensure that user access rights reviews and privileged access rights reviews are completed on time.

Requirements:
Bachelor’s degree or equivalent in Computer Science, Computer Engineering, Information Security or related field. Advanced degree highly preferred.
Relevant certifications e.g. CISA, CISM, CEH, CISSP etc. would be a plus.
Knowledge of Information Security and IT standards including but not limited to ISO 27001, PCI-DSS, COBIT, HIPAA, NIST, ITIL etc.
Minimum 5 years of hands-on experience in Information Security risk assessments, policies and procedures, information systems audit, regulatory compliance etc.
Strong knowledge of Information Security and technology standards including but not limited to ISO 27001, COBIT, ITIL, HIPAA etc.
Knowledge of Business Continuity Planning, IT Disaster Recovery, auditing, and risk management, as well as contract and vendor negotiation.
Ability to perform information security risk assessments, infrastructure/systems and network security assessments, critical practice assessments and identify information security weaknesses and/or gaps in the current operations is compulsory.
Ability to administer incident response planning and investigation process of security breaches globally, and facilitate the management with disciplinary and legal matters associated with such breaches as necessary.
Ability to manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits for all campuses and critical practice assessments.
Understands the business activities performed by AKU, and based on this understanding, suggests appropriate information security solutions that adequately protect these activities AKU-wide.
Ability to work with other departments and vendors to ensure that AKU-wide information security requirements are incorporated into the rollout of new systems.
Work with a diverse group of individuals in a collaborative team environment.
Ability to work with third party firms and consultants to conduct independent security audits.
Experience in any Big 4 professional services firm would be a plus.
Implementation of AKU-wide security awareness and education programs that are aligned with global security policy, standards, regulatory requirements, and industry practices.

Apply
Please send your resume to human.resources@aku.edu and mark the subject with position number “10026376”.
Only shortlisted candidates will be notified.
Applications should be submitted by April 13, 2021 at the latest.
