GRC Analyst
PER - Lahore, PK, Pakistan
Contour Software
About Contour
Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years.
As a subsidiary of Constellation Software Inc., we are proud to be part of a global enterprise software conglomerate that has grown to become one of the top 10 software companies in the world, with employees and customers in 100+ countries. With a broad-based and ever-growing portfolio of market-leading, vertical-market enterprise solutions covering more than 100 industry domains in predominantly mature markets, CSI's recipe creates the perfect environment for professionals to build fulfilling, long-term careers.
What started as an R&D & Accounting back-office has progressed into a full-service Global Centre serving all functions and departments, at the divisional as well as operating group/corporate level. Today Contour employees, located in Karachi, Lahore & Islamabad, are serving CSI divisions located in time zones spanning the globe, from Sydney to Vancouver. With the global growth of Constellation as the wind in our sails, we are only just getting started!
The Division:
Vela Software is a subsidiary of Constellation Software, a TSX-listed publicly traded company. Constellation Software operates in over 100 countries and dozens of verticals. Constellation Software has completed over 500 acquisitions of small, medium and large private and public companies since its inception in 1995.
As an operating group of Constellation Software, we acquire, manage, and build software businesses that provide specialized, mission-critical software solutions. We help companies to grow through organic initiatives and seek acquisitions that can strengthen their market position.
The Position:
As ITIS Audit Officer, you will support companies within the VELA group in meeting regulatory and compliance requirements, specifically ISO27001 Audit and PCI DSS, and in meeting the Vela compliance requirements, by working with specific business units' IT, customer support and development teams as well as Vela GRC. We are looking for individuals who move fast, can break down and solve complex problems, and have strong ethical values.
The hired candidate will be located and work out of the Contour Software Lahore office, working as part of the resource-center, as an extension of the division-based G&A department.
Responsibilities:
1. Document and implement information security policies and standards (related to PCI-DSS and NIST CSF compliance requirements) specific to certain business units.
2. Lead the PCI-DSS compliance initiatives, and monitor and report compliance gaps to management.
3. Review information systems, IT and SSDLC practices to ensure compliance with business unit’s GDPR/ISO/PCI-DSS requirements as well as Vela security framework requirements including processes, standards, policies, and procedures.
4. Conduct risk assessments to identify potential risk events and assist with quantifying their probability of occurrence and impact on the business and work with risk owners in mitigating those risks.
5. Collaborate with the IT TechOps and security team to monitor risks and compliance status, report, and develop countermeasures and contingency plans.
6. Monitor the security logs of anti-virus and SIEM/IDS to verify that all systems are up-to-date and all incidents are being logged, monitored and responded to in a timely manner as per policy requirements.
7. Monitor and evaluate security measures in collaboration with the IT TechOps team to protect against reasonably anticipated threats or hazards to the privacy, security, or integrity of protected information (PII, PCI).
8. Manage external audits and assessments, and oversee audit findings and management action plans. Ensure corrective actions are taken. Work with risk owners in developing risk treatment plans and time estimations, and follow up and report status on action plans.
9. Perform tasks as set forth by the management team.
10. Provide security awareness and compliance training to the IT team as well as end-users in line with the PCI-DSS requirements.
Qualification(s):
• Bachelor's Degree in Information Technology or related technical field.
• Candidate should have a minimum of 3+ years of either Information Security Risk or Cyber Security Risk experience.
• Must have knowledge of cloud-based environments (AWS, GCP, Azure, etc.) with cloud governance experience.
• Must have experience in working in e-commerce environments and PCI-DSS V3.2.1/4.0.
• Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT) and Legislative, Regulatory and Industry Compliance Requirements (PCI, CCPA, GDPR etc.).
• Clear understanding of the SDLC process and how security validation is tied to it.
• Must have exceptional written, verbal and presentation communication skills.
• Ability to facilitate cross-functional teams.
• Ability to translate business requirements into control objectives.
• Strong project management skills.
Good to Have:
• Experience with PCI-DSS v4.0
• Experience of GRC Tools (such as Service Now, RSA Arche
Exciting Benefits we offer:
Market-leading Salary
Medical Coverage – Self & Dependents
Parents Medical Coverage
Provident Fund
Employee Performance-based bonuses
Home Internet Subsidy
Conveyance Allowance
Profit Sharing Plan [Tenured Employees Only]
Life Benefit
Child Care Facility
Company Provided Lunch/Dinner
Professional Development Budget
Recreational area for in-house games
Sporadic On-shore training opportunities
Friendly work environment
Leave Encashment
Disclaimer: At Contour, we attribute our success to the unique contributions of our diverse staff. We’re committed to fostering a culture of respect that thrives on the varied perspectives and experiences of all individuals we recruit, employ, promote, and compensate. Since day one, we’ve adhered to a policy that champions a work environment honoring the worth and dignity of each person while being free from all forms of employment discrimination.
In our continuous effort to promote inclusivity, we extend our commitment to individuals with special needs by providing reasonable accommodations. We actively encourage qualified individuals with special needs to apply for the various openings within our company. Should you require assistance in completing the application process or have any inquiries regarding special facilities, please do not hesitate to contact our HR team. Your unique talents and abilities are welcomed and valued here.