
About the job: Information Security Analyst

Location: Karachi/Lahore/Islamabad (On-site)


Role Overview
The Information Security Analyst will lead the enhancement of the organization's information security and privacy programs. This role is a hybrid of technical execution and strategic governance, responsible for ensuring compliance with global standards (ISO 27001, ISO 27701, NIST, GDPR) while also securing cloud infrastructure, AI-driven systems, and the software development lifecycle hands-on. You will act as a key bridge between Engineering, Legal, and Business teams to drive a "security-first" culture.

Key Responsibilities:

  • Support the implementation and continuous improvement of ISMS/PIMS, ensuring alignment with ISO 27001, ISO 27701, NIST, OWASP, and GDPR requirements.
  • Conduct risk assessments, internal audits, control validations, and DPIAs, while collaborating with Legal and Compliance teams on regulatory and privacy obligations.
  • Manage day-to-day security operations, including monitoring, alert triage, threat analysis, and supporting incident response and forensic investigations.
  • Perform and assist in application security testing, vulnerability assessments, and penetration testing, while embedding security controls across the Secure SDLC.
  • Contribute to securing cloud, infrastructure, and AI-driven systems, addressing risks such as data leakage, prompt injection, model abuse, and unauthorized access.
  • Evaluate and implement security tools and controls, ensuring effective protection of applications, data, and platforms.
  • Support data protection practices, including classification, encryption, retention, and handling of data subject rights (DSR) requests.
  • Participate in post-incident reviews, root cause analysis, and continuous improvement of security posture and resilience.
  • Collaborate with Engineering, DevOps, and business teams to design secure architectures and promote a security- and privacy-first culture.
  • Stay updated on evolving threats, mentor junior team members, and support organizational certification and compliance initiatives.


Required Qualifications

  • Education: Bachelor's degree in Computer Science, Information Security, or a related technical field.
  • Experience: 3+ years of hands-on experience in Information Security, GRC, or Data Privacy roles.
  • Regulatory Expertise: Strong mastery of ISO 27001, ISO 27701, GDPR, and NIST CSF; familiarity with ISO 27017/27018 is a plus.
  • Technical Toolkit:
      • Proficiency with SIEM, GRC tools, and Endpoint Protection (EDR).
      • Experience with Cloud Security (AWS/Azure/GCP) and OWASP principles.
      • Hands-on experience with penetration testing or application security tools.
  • Soft Skills: Excellent communication skills with the ability to translate complex technical risks into actionable business insights for non-technical stakeholders.


Preferred Skills

  • Industry certifications such as CISM or ISO/IEC 27001 Lead Auditor.
  • Experience securing LLMs or AI-integrated workflows.