Senior Manager – Information Security
- Location: Karachi, Pakistan (Full-time, On-site)
- Reporting to: Chief Technology Officer
- Experience: 10+ years
- Language: Outstanding Written and Spoken English Skills
Summary:
We are seeking a skilled, experienced, and collaborative leader of Information Security to lead our information security team based in Karachi. This individual will manage a team of security professionals and play a key role in operating our Security Operations Center (SOC), securing the enterprise environment, supporting compliance efforts (ISO 27001 and SOC 2), and driving continuous improvement in our security posture.
The ideal candidate combines strong technical expertise with sound risk judgment, prioritizing and addressing risks in a balanced, business-aligned manner rather than defaulting to patching automated scan findings. This role emphasizes pragmatic, continuous security improvement over idealism, and requires a leadership style grounded in trust, mentorship, and team growth. This role offers global visibility and requires close coordination with cross-functional stakeholders across regions to continually mature our security posture and risk management practices.
Key Responsibilities:
- Lead and mentor a team of information security professionals promoting learning, collaboration and professional development.
- Implement security controls, a risk assessment framework, and programs that align with best practices and regulatory requirements.
- Advise and recommend improvements to the design, development and expansion of ISMS across the global organization consistent with business needs and capabilities.
- Support the implementation and maintenance of the Information Security Management System (ISMS).
- Ensure timely identification, communication, and remediation of security risks and issues.
- Oversee vulnerability management efforts with a focus on contextual risk analysis, ensuring findings are prioritized based on business impact rather than relayed automatically from scan outputs.
- Balance risk identification and treatment with business capabilities and resources.
- Conduct and oversee third-party risk assessments, including vendor assessments, control reviews and policy adherence.
- Provide global security governance support, including preparation of stakeholder reports and communication of security posture.
- Measure and analyze control effectiveness; identify and develop relevant metrics; report findings and lead remediation tracking efforts.
- Champion security initiatives across the enterprise.
Required Qualifications:
- 10+ years of progressive experience in Information Security, with at least 5 years in a leadership role managing global or internationally aligned teams.
- Track record of successfully supporting or leading security programs for ISO 27001 and SOC 2 compliance within a service provider or B2B environment.
- Led or materially contributed to the implementation and audit-readiness of security frameworks (ISO 27001, NIST CSF, SOC 2) across multiple geographies.
- Hands-on experience analyzing risk, assessing requirements, and remediating findings in high-compliance environments.
- Proven experience leading vulnerability management with a focus on contextual risk analysis—going beyond scan output to prioritize and drive remediation based on business impact.
- Experience partnering with enterprise IT, legal, and compliance teams to operationalize security controls and improve governance maturity.
- Relevant industry certifications such as ISO 27001 Lead Auditor, CISSP, CISA, CISM, or CCSP (at least two) are highly desirable.
Knowledge:
- Broad knowledge of security and risk issues and techniques across platforms.
- Deep understanding of security frameworks: ISO 27001:2013, NIST CSF, SOC 2, PCI DSS, MITRE ATT&CK, etc.
- Strong technical knowledge of core security technologies: DLP, EDR, CASB, NGAV, WAF, email security, firewalls, PAM, etc.
- Experience with cyber and cloud security operations, controls, and architecture.
- Familiarity with IS audit and risk assessment practices and methodologies.
Job Type: Full-time
Pay: Up to Rs600,000.00 per month
Work Location: In person