NGT is seeking a highly skilled and experienced Senior Security Analyst to join our team. As a Senior Security Analyst, you will play a critical role in ensuring the security and integrity of our organization's and clients' systems and data. Your responsibilities will encompass a wide range of tasks, including policy creation and maintenance, security risk assessments, internal audits, incident management, and more.
- Develop and maintain Information Security Management System (ISMS) policies to ensure compliance with industry standards and regulations.
- Conduct thorough security risk assessments, identify gaps, and provide comprehensive recommendations to address vulnerabilities, actively driving these solutions to completion.
- Establish internal audit processes tailored to specific security needs and act as the primary liaison for security during audits.
- Perform internal audits and ensure all necessary documentation is reviewed and updated to meet audit requirements.
- Initiate and lead complex security projects that involve collaboration with various internal and external stakeholders.
- Design and deliver security awareness and educational training for the organization and specific teams.
- Provide support and guidance to team members in delivering work streams aligned with compliance standards such as ISO27001, SOC2, NIST, SOX, HIPAA, CIS, and GDPR.
- Manage and lead the Security Operations team, overseeing their day-to-day activities and ensuring efficient incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
- Contribute significantly to the development of the future roadmap for the Security Operations Center (SOC) for both the company and clients.
- Conduct hands-on penetration testing and vulnerability assessments as required.
- Develop and maintain comprehensive security testing plans and methodologies.
- Act as a mentor and coach for other IT security staff, providing guidance and expertise to foster their professional growth.
- Bachelor’s degree in Computer Engineering, Computer Science, or equivalent.
- Minimum of 10 years of overall experience, with at least 8 years in the field of Information Security.
- Strong familiarity with various industry regulations and frameworks, such as ISO27001, SOC2, NIST, SOX, HIPAA, GDPR, and CIS.
- Proficiency in GRC (Governance, Risk, and Compliance) tools.
- Extensive background in security controls, auditing, network, and system security.
- Experience with risk management principles and methodologies.
- Proven track record in conducting internal and external security audits.
- Solid understanding of IT technologies and their security implications.
- Expert knowledge of SIEM (Security Information and Event Management) tools like Wazuh, Sentinel, Splunk, QRadar, etc.
- Ability to develop queries, use-cases, and dashboards for effective security monitoring.
- Familiarity with incident management procedures and protocols.
- Prior experience in Information Security Awareness platforms.
- Proficiency in vulnerability assessments and penetration testing methodologies.
- Certifications: At least 2 of the following – CISA, CISM, ISO 27001, CISSP, CEH, OSCP, GPEN.
- Strong interpersonal and influencing skills, capable of driving collaborative change both internally and externally.
- Excellent communication skills, both written and verbal.
If you possess the required qualifications and experience and are enthusiastic about making a significant impact in the field of information security, we encourage you to apply for this position.
Please submit your application along with your updated resume and relevant certifications at firstname.lastname@example.org. We look forward to welcoming you to our dynamic team of professionals.
Location: Gulberg, Lahore