Information Security Manager

About us:

FINJA, the leading Pakistani FinTech is a new age financial services platform for professionals, merchants (Karyana shops) and SME businesses addressing their payments, collections and credit needs. FINJA holds a unique position in the value chain enabling all actors in the eco-system to interact digitally. We are the flag bearers leading Pakistan’s economy to a digital transformation by providing innovative financial services & solutions.

Role Purpose & Context:

To articulate and communicate the gist of Information Security mission and objectives across the organization, while providing all businesses with the direction and information that allow them to understand priorities while managing and overseeing every aspect of technology security measures throughout the organization.

This role will be actively involved in strategic planning and monitoring of risk-taking actions of the senior management, both as a strategic partner to the business units advising them on risk issues and on the best ways to identify and manage these issues as well as a risk controller setting parameters for risk activities and reviewing compliance with these parameters in order to ensure that the business does not incur any undue risk without adequate return.

Job Responsibilities:

• Ensure control weaknesses in processes, operations and systems are timely identified and necessary corrective actions are taken.
• Protects the integrity across the organization by ensuring that it operates in accordance with legal and regulatory requirements both in terms of technology & processes, abides by the Code of Corporate Governance, and promotes compliance in the manner in which business is conducted.
• Ensure the organization is strengthened structurally by introducing innovative systems and tools so that dependence on individuals is lessened and business foundations are placed on sound system footings.
• From technological risk point of view; supervising system integration, ensuring appropriate security control processes are in place, ensuring appropriate authorization privileges & authentication measures, logical and physical access controls, adequate infrastructure security to maintain appropriate boundaries and restrictions of both internal and external user activities and data integrity of transactions, records and information.
• Planning for incident management and response, performing tests, exercises, and drills of all response plans.
• Perform problem management, root cause analysis, and post mortem reviews following the occurrence of an incident
• Ensure that security requirements are adequately addressed throughout the development and acquisition lifecycles for all information assets
• Perform security reviews, certification (if necessary) and accreditation prior or post to the release of new applications, systems, or information asset to production
• Define, assess, and maintain controls necessary to protect information Assets in accordance with security requirements, including secure configurations & changes to them, for networks, hardware and systems.
• Define, assess, and maintain controls necessary to protect networks, hardware, systems, and mobile devices in accordance with security requirements, including intrusion prevention and detection controls.
• Define, assess, and maintain controls necessary to protect the network and Internet perimeters in accordance with security requirements, including firewalls, and VPNs.
• Review and advise that the security plans, infrastructure, redundancies, ownership, assigned roles, access points and integrations internally, updated and periodically tested.
• Track and maintain all reports and actions needed to achieve compliance against security policies, regulations, and audits.
• Review and advise the organization wide backup of sensitive information, security of backup and restoration arrangements.
• Connect organizational requirements with security goals.
• Prepare financial forecasts and budgets for security operations.
• Keep an eye on security vulnerabilities and threats. Assist in carrying out security & forensic investigations and recommended courses of action.
• Implement and maintain security policies and procedures, including their periodic reviews.
• Provide regular feedback to the senior Management on compliance health of all businesses, also highlighting key risk issues/areas with remedial actions.
• Ensure operating losses are kept within the risk appetite of the organization

What are we looking for?

• Masters or at least Bachelors in Computer Sciences/IT/Information Security.
• 07 to 10 years of Information Security & Compliance experience in a reputable Organization.
• Accepting challenges & entrepreneurship skills and demonstrated business acumen in leading technology risk management & compliance strategies with rich functional exposure in formulating and implementing strategies, aimed at facilitating business expansion and growth.
•  Ability to work in a team environment, with a positive attitude and willingness to help others
•  Able to work under pressure and time constraints