GRC Analyst

Contour Software, a subsidiary of Constellation Software Inc., has grown significantly over the past 14 years, expanding from a small team to more than 2,000 employees across Karachi, Lahore, and Islamabad. As part of a global software conglomerate with operations in over 100 countries, Contour offers professionals the chance to develop long-term careers within a diverse portfolio of leading enterprise solutions. The company has evolved from an R&D and accounting back-office into a full-service global center supporting divisions worldwide. Within this structure, Vela Software operates as a decentralized entity, providing vertical market software expertise and operational support to drive organic growth and acquisitions.

The GRC Analyst position based in Lahore supports Vela operating group companies in meeting Governance, Risk, and Compliance (GRC) requirements. This role involves close collaboration with IT, development, and GRC teams to ensure compliance with security frameworks and standards. The ideal candidate is proactive, capable of solving complex problems efficiently, and demonstrates strong ethical principles. This position functions as part of the resource center, supporting the division-based general and administrative department.

Key Responsibilities:
- Assist in delivering, validating, and monitoring the Vela Framework assessment (CIS-18), identifying and reporting compliance gaps to management.
- Review information systems, IT, and Secure Software Development Life Cycle (SSDLC) practices to ensure alignment with security and Vela framework requirements, including policies, standards, and procedures.
- Conduct risk assessments to identify potential risks, quantify their likelihood and impact, and collaborate with risk owners to develop mitigation strategies.
- Work closely with IT TechOps and security teams to monitor risk and compliance status, develop countermeasures, and establish contingency plans.
- Monitor security logs from antivirus and SIEM/IDS systems to ensure timely incident logging, monitoring, and response in accordance with policy.
- Evaluate security measures alongside IT TechOps to safeguard privacy, security, and data integrity against anticipated threats.
- Support external audits and assessments, manage audit findings, and ensure corrective actions are implemented effectively.
- Collaborate with risk owners to develop, track, and report on risk treatment plans and timelines.

Required Qualifications:
- Bachelor’s degree in Information Technology or a related technical field.
- Minimum of 3 years’ experience in Information Security Risk or Cyber Security Risk management.
- Knowledge of cloud environments such as AWS, GCP, or Azure, including experience with cloud governance.
- Strong understanding of industry best practices including NIST, ISO, SANS, COBIT, and compliance standards such as PCI, CCPA, and GDPR.
- Clear understanding of the Software Development Life Cycle (SDLC) and its integration with security validation.
- Excellent written, verbal, and presentation communication skills.
- Ability to facilitate cross-functional teams and translate business requirements into control objectives.
- Strong project management skills.

Preferred Qualifications and Benefits:
- Experience with PCI-DSS version 4.0.
- Familiarity with GRC tools such as ServiceNow, RSA Archer, or 6Clicks.
- Professional certifications such as ISO 27001 Lead Auditor/Implementer, CISM, CISA, CISSP, or CRISC.
- Work shift from 6:00 pm to 3:00 am Pakistan Standard Time, aligned with 7:00 am to 4:00 pm Central Time Zone.

Benefits include:
- Competitive market salary with performance-based bonuses.
- Comprehensive medical coverage for employees, dependents, and parents.
- Provident fund and profit-sharing plans for tenured employees.
- Home internet subsidy, conveyance allowance, and company-provided meals.
- Child care facilities and recreational areas for in-house games.
- Professional development budget and occasional on-shore training opportunities.
- Supportive and friendly work environment with leave encashment options.

Contour Software is committed to fostering a diverse and inclusive workplace, free from discrimination. The company encourages applications from individuals with special needs and provides reasonable accommodations throughout the recruitment process.