
GRC Analyst

The Position:

As GRC Analyst for the FOG Software group, you will support certain companies within the FOG Software operating group in meeting regulatory and compliance requirements, specifically PCI DSS, and in meeting the Vela compliance requirements, by working with specific business units' IT, customer support and development teams as well as Vela GRC. We are looking for individuals who move fast, can break down and solve complex problems, and have strong ethical values.

The hired candidate will be located and work out of the Contour Software Islamabad/Karachi/Lahore office, working as part of the resource-center, as an extension of the division-based G&A department.

Responsibilities:

Document and implement information security policies and standards (related to PCI-DSS and NIST CSF compliance requirements) specific to certain business units.

Lead the PCI-DSS compliance initiatives, monitor, and report the gaps in compliance to management.

Review information systems, IT and SSDLC practices to ensure compliance with business unit's GDPR/ISO/PCI-DSS requirements as well as Vela security framework requirements including processes, standards, policies, and procedures.

Conduct risk assessments to identify potential risk events and assist with quantifying their probability of occurrence and impact on the business and work with risk owners in mitigating those risks.

Collaborate with the IT TechOps and security teams to monitor risks and compliance status, report, and develop countermeasures and contingency plans.

Monitor the security logs of anti-virus and SIEM/IDS to verify that all systems are up to date and that all incidents are being logged, monitored and responded to in a timely manner as per policy requirements.

Monitor and evaluate security measures in collaboration with the IT TechOp team to protect against reasonably anticipated threats or hazards to the privacy, security, or integrity of protected information (PII, PCI).

Manage external audits and assessments, and oversee audit findings and management action plans. Ensure corrective actions are taken. Work with risk owners in developing risk treatment plans and time estimations, follow up, and report status on action plans.

Perform tasks as set forth by the management team.

Provide security awareness and compliance training to the IT team as well as end-users in line with the PCI-DSS requirements.

Qualification(s):

Bachelor's Degree in Information Technology or related technical field.

Candidate should have a minimum of 3+ years of either Information Security Risk or Cyber Security Risk experience.

Must have knowledge of cloud-based environments (AWS, GCP, Azure, etc.) with cloud governance experience.

Must have experience in working in e-commerce environments and PCI-DSS V3.2.1/4.0.

Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT) and legislative, regulatory and industry compliance requirements (PCI, CCPA, GDPR, etc.).

Clear understanding of the SDLC process and how security validation is tied to it.

Must have exceptional written, verbal and presentation communication skills.

Ability to facilitate cross-functional teams.

Ability to translate business requirements into control objectives.

Strong project management skills.

For more details, contact us at kejaz@contour-software.com

Salary: Market Competitive
Gender: Any Gender
Work Type: Full Time
Age: 20-30
Education: Graduate
Years of Experience: 0-1
Apply By: 30 of Jun 2024
