Cyber Risk Analyst

Grade Level: L1
Location: Islamabad
Last date to apply 20th January 2025

What is Cyber Risk Analyst?

Cyber Risk Analyst manages cybersecurity risk across the organization, focusing on internal cybersecurity risk assessments, asset management, compliance, and employee awareness programs. The role involves developing and updating cybersecurity policies and procedures, ensuring compliance with regulatory frameworks, and collaborating with stakeholders to mitigate cybersecurity risks effectively to enhance and strengthen the organization’s cybersecurity posture. The role also involves designing, implementing, and maintaining the cyber security framework at Jazz.

The role reports directly to the Stream Head Cyber Security with an extended team of 10 team members.

 What does Cyber Risk Analyst do?

·       Perform cybersecurity risk assessments to identify and remediate potential cybersecurity risks and maintain risk treatment plans.  

·       Prepare detailed reports on risk assessment findings and recommendations for senior management.

·       Track and monitor corrective actions to address non-compliance or risk findings.

·       Assist in developing, maintaining, and reviewing the cybersecurity architecture of the systems and applications.

·       Evaluate and review the security posture of both existing and new services, systems, networks, and applications.

·       Draft, review, update, and implement cybersecurity policies, standards, procedures in line with best practices and industry standards such as ISO 27001, NIST CSF, PCI DSS, etc.

·       Assist in implementation and maintenance of ISO 27001 standard and maintain the certification.

·       Assist in implementation and maintenance of NIST CSF.

·       Plan and execute periodic cybersecurity reviews and assessments.

·       Assist in developing and reporting cybersecurity Key performance indicators.

·       Assist in evaluating and planning new cybersecurity solutions.

·       Implement cybersecurity recommendations shared by the Veon Group.

·       Ensure policies are effectively communicated and adhered to across the organization.

·       Perform asset management as per Jazz asset management policy and procedures. Classify and assess the criticality of assets to prioritize risk management efforts.

·       Ensure compliance with cybersecurity regulations and industry standards, including NIST CSF, ISO 27001, and other applicable standards.

·       Plan and manage sourcing of cybersecurity solutions and services.

·       Work closely with cross-functional teams to implement cybersecurity measures.

·       Stay updated with latest cybersecurity trends, tools, and technologies.

·       Propose enhancements to existing processes and controls to improve risk management and compliance.

·       Develop training materials to promote security practices within the organization.

·       Plan and conduct cybersecurity awareness sessions for employees.

Jazz is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.

Requirements

What are we looking for and what does it require to be Cyber Risk Analyst?

• BS/MS in Information Security/Information Technology/Computer Science or a related field.
• 1-3 years of proven experience in cybersecurity governance, risk management, awareness, & compliance. Experience in telco sector will be preferred.
• Strong understanding of cybersecurity frameworks like ISO 27001, NIST CSF, PCI DSS, etc.

·       Familiarity with GRC tools, practices, and methodologies.

·       Familiarity with cybersecurity policy development, asset management, and employee awareness programs.

·       Experience of implementing and maintaining ISO 27001 in previous organizations.

·       Strong technical skills and knowledge to understand and evaluate technical vulnerabilities. 

·       Relevant certifications such as ISC2 CC, ISO 27001 Lead Auditor/Implementer shall be preferred.

·       Functional

o   Self-starter needs no or little supervision.

o   Ability to organize, plan and document tasks.

o   Ability to manage internal & external stakeholders.

o   Possess good logical and analytical skills to help in analysis of Cyber Security risks

o   Strong analytical and problem-solving skills.

o   Excellent communication and presentation skills

o   Ability to explain technical concepts to non-technical audiences.

o   Ability to handle internal and external stakeholders.

·       Technical

o   In depth knowledge of the GRC concepts.

o   In depth knowledge and hands-on experience of ISO 27001, NIST CSF standards

o   Strong security risk management skills.

o   In depth knowledge and hands-on experience of security standards and compliance standards.

o   Knowledge of vulnerability assessment tools and cloud security platforms

o   Strong logical and analytical skills to help define and plan new security solutions.

o   Provide value to business stakeholders and help them meet their business targets.

o   In depth knowledge of cybersecurity regulations. 

o   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.

o   Understanding of incident response processes

o   Strong skills in analyzing and reporting risk data using tools like Excel or PPT, Power BI. 

Benefits

As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.

As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 75 million customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.