Contour Software, a rapidly growing subsidiary of Constellation Software Inc., has expanded to over 2,000 employees across Karachi, Lahore, and Islamabad within 14 years. As part of a global enterprise software conglomerate operating in more than 100 countries, Contour offers a dynamic environment for professionals seeking long-term career growth. The Lead GRC Analyst will be instrumental in unifying information security governance, risk, and compliance across 31 global software business units. This role centers on aligning with an ISO 27001-based Information Security Management System (ISMS), ensuring consistent cyber risk management, control implementation, and evidence collection. Additionally, the position supports Contour’s growth through acquisitions by integrating new entities into a compliant and well-governed ecosystem.
Key Responsibilities
Lead the design, implementation, and ongoing management of a group-wide ISMS aligned with ISO 27001. This includes developing and maintaining security policies, standards, and procedures to ensure robust information security governance.
Establish governance structures such as steering committees and reporting frameworks to maintain consistent cyber and information security oversight across all business units.
Develop and maintain the Group Cyber Risk Management Framework by conducting risk assessments, facilitating CIS control reviews, and ensuring regular updates to risk registers and mitigation plans.
Manage compliance activities by defining evidence collection processes, monitoring adherence to policies, coordinating audits, and maintaining consolidated compliance reporting dashboards.
Collaborate closely with Group IT, Security, and Legal teams to align technical controls with regulatory requirements and the organization’s risk appetite. Support incident response and business continuity planning efforts.
Support acquisition due diligence and post-acquisition integration from a GRC perspective, including onboarding new business units and conducting gap analyses to ensure compliance.
Lead group-wide training and awareness initiatives by delivering targeted programs for security champions, IT leads, and management teams to foster a strong security culture.
Maintain up-to-date expertise in global information security, privacy, and data protection regulations, ensuring compliance frameworks address local variations while aligning with group standards.
Required Qualifications
A minimum of 8 years’ experience in information security governance, risk, and compliance within multi-entity or multinational organizations.
Proven expertise in building or managing an ISO 27001-aligned ISMS; relevant certification is advantageous.
Strong background in conducting CIS control reviews, risk assessments, and audit programs.
Experience managing evidence collection for control application across distributed teams.
Familiarity with cybersecurity frameworks, standards, and regulations such as NIST, CIS, ISO, SOC 2, and GDPR.
Excellent project management skills with the ability to coordinate multiple initiatives involving diverse stakeholders.
Exceptional communication and stakeholder management skills, capable of engaging both technical and non-technical audiences.
Analytical and structured thinker with a self-starter attitude and the ability to influence senior leadership.
Preferred Qualifications and Benefits
Experience in mergers and acquisitions or group-level integration of security governance frameworks.
Exposure to software/SaaS business models, cloud platforms (AWS, Azure, GCP), and data protection regulations.
Relevant certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or CRISC.
Competitive salary package with medical coverage for employees and dependents.
Provident fund, performance-based bonuses, home internet subsidy, conveyance allowance, and profit-sharing for tenured employees.
Life benefits, childcare facilities, company-provided meals, professional development budget, recreational areas, and occasional on-shore training.
A friendly and inclusive work environment with leave encashment options.
Contour Software is dedicated to fostering an inclusive and respectful workplace that values diverse perspectives and experiences. The company encourages applications from individuals with special needs and provides reasonable accommodations throughout the recruitment process. Its culture is founded on dignity, respect, and equal opportunity for all employees.