Chief Risk Officer

BSCS, BSIT, BSSE/Masters Computer Engineering/Science

CISM, CISSP, Cloud Security

5 to 6 years of experience (1 to 2 years managing a team)

• Mitigate information security risks in line with industry practices, the risk appetite of the business & any legal, regulatory or contractual requirements.
• Ensure compliance of information security policy and ISMS.
• Review Business Continuity and DR documents on a regular periodic basis for accuracy and completeness.
• Co-ordinate & liaise with internal auditor & security assessors as necessary.
• Review and identify risk associated with in the business processes and new projects and report it on timely for its resolution.
• Oversee technological upgrades, improvements and major changes to the information security environment.
• Assess the organization’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Review internal security assessment reports conducted by IT with the help of security tools, if applicable.
• Recommend information security standards and best practices for the organization.
• Research the latest information technology security trends.
• Ensure that Information security audits are conducted periodically or as needed
• Provide training for employees, explaining security risks and ISMS requirements and demonstrating good practices,
• Any other tasks assigned by CRO

Karachi