About Contour
Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years.
As a subsidiary of Constellation Software Inc., we are proud to be part of a global enterprise software conglomerate that has grown to become one of the top 10 software companies in the world, with employees and customers in 100+ countries. With a broad-based and ever-growing portfolio of market-leading, vertical-market enterprise solutions covering more than 100 industry domains in predominantly mature markets, CSI's recipe creates the perfect environment for professionals to build fulfilling, long-term careers.
What started as an R&D & Accounting back-office has progressed into a full-service Global Centre serving all functions and departments, at the divisional as well as operating group/corporate level. Today Contour employees, located in Karachi, Lahore & Islamabad, are serving CSI divisions located in time zones spanning the globe, from Sydney to Vancouver. With the global growth of Constellation as the wind in our sails, we are only just getting started!
The Division:
Vela Software is a subsidiary of Constellation Software, a TSX-listed publicly traded company. Constellation Software operates in over 100 countries and dozens of verticals. Constellation Software has completed over 500 acquisitions of small, medium and large private and public companies since its inception in 1995.
At Vela and Constellation, we typically leave acquired businesses as decentralized stand-alone entities. We provide vertical market software expertise, operational support and capital to help our businesses grow organically and/or through acquisitions.
The Position:
As GRC Analyst, you will support companies within the Vela operating group to meet the Governance, Risk and Compliance requirements of Vela Head Office by working with Sub Portfolio IT, GRC and development teams as well as other Vela GRC team members. We are looking for individuals who move fast, can break down and solve complex problems, and have strong ethical values.
The hired candidate will be located and work out of the Contour Software Lahore office, working as part of the resource-center, as an extension of the division-based G&A department.
Responsibilities:
• Assist in the delivery, validation and monitoring of the Vela Framework assessment (CIS-18), and report the gaps in compliance to management. Review information systems, IT and SSDLC practices to ensure compliance with security requirements as well as Vela security framework requirements including processes, standards, policies, and procedures.
• Conduct risk assessments to identify potential risk events and assist with quantifying their probability of occurrence and impact on the business and work with risk owners in mitigating those risks.
• Collaborate with IT TechOps and security team to monitor risks and compliance status, report and develop countermeasures and contingency plans.
• Monitor the security logs of anti-virus and SIEM/IDS to verify that all systems are up-to-date and all incidents are being logged, monitored and responded to in a timely manner as per policy requirements.
• Monitor and evaluate security measures in collaboration with the IT TechOp team to protect against reasonably anticipated threats or hazards to the privacy, security, or integrity of protected information.
• Assist with the management of external audits and assessments, oversee audit findings and management action plans. Ensure corrective actions are taken.
• Work with risk owners in developing risk treatment plans, time estimations, follow-up and report status on action plans.
Qualification(s):
• Bachelor's Degree in Information Technology or related technical field.
• Candidate should have a minimum of 3+ years of either Information Security Risk or Cyber Security Risk experience.
• Must have knowledge of cloud-based environments (AWS, GCP, Azure, etc.) with cloud governance experience.
• Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT) and legislative, regulatory and industry compliance requirements (PCI, CCPA, GDPR, etc.).
• Clear understanding of the SDLC process and how security validation is tied to it.
• Must have exceptional written, verbal and presentation communication skills.
• Ability to facilitate cross-functional teams.
• Ability to translate business requirements into control objectives.
• Strong project management skills.
Good to Have:
• Experience with PCI-DSS v4.0
• Experience with GRC tools (such as ServiceNow, RSA Archer, 6Clicks)
• One or more of the following certifications: ISO 27001 Lead Auditor/Implementer, CISM, CISA, CISSP and/or CRISC
Work Shift Timings:
6:00 pm to 3:00 am (Pakistan Standard Time) – 7:00 am to 4:00 pm (Central Time Zone).
Exciting Benefits we offer:
Market-leading Salary
Medical Coverage – Self & Dependents
Parents Medical Coverage
Provident Fund
Employee Performance-based bonuses
Home Internet Subsidy
Conveyance Allowance
Profit Sharing Plan [Tenured Employees Only]
Life Benefit
Child Care Facility
Company Provided Lunch/Dinner
Professional Development Budget
Recreational area for in-house games
Sporadic On-shore training opportunities
Friendly work environment
Leave Encashment
Disclaimer: At Contour, we attribute our success to the unique contributions of our diverse staff. We’re committed to fostering a culture of respect that thrives on the varied perspectives and experiences of all individuals we recruit, employ, promote, and compensate. Since day one, we’ve adhered to a policy that champions a work environment honoring the worth and dignity of each person while being free from all forms of employment discrimination.
In our continuous effort to promote inclusivity, we extend our commitment to individuals with special needs by providing reasonable accommodations. We actively encourage qualified individuals with special needs to apply for the various openings within our company. Should you require assistance in completing the application process or have any inquiries regarding special facilities, please do not hesitate to contact our HR team. Your unique talents and abilities are welcomed and valued here.