The Security Operations Architect will provide leadership and strategic direction for security operations, ensuring the protection of information assets through the development, implementation, and continuous improvement of security measures. This role involves designing, evaluating, and optimizing the security operations architecture to safeguard against internal and external threats while maintaining regulatory compliance. Additionally, the role encompasses establishing and maintaining robust security operations governance to ensure effective oversight and accountability, including setting up policies, procedures, and other critical documentation.
• Leadership and Direction: Provide leadership and direction to the Security Operations Center (SOC) team, fostering a high level of motivation and team spirit.
• Strategic Planning: Assist in the planning, development, monitoring, and maintenance of security policies, procedures, and plans to ensure compliance with regulatory requirements and the organization’s security objectives.
• Threat Intelligence and Response: Implement and manage threat intelligence-based controls, proactively mitigating risks and investigating suspected security incidents. Conduct root cause analysis and ensure comprehensive remedial actions.
• Access Control Management: Perform due diligence related to secure access on the basis of least privilege and need-to-know principles. Conduct routine security reviews for data, folders, databases, applications, and system logs.
• Risk Management: Manage the information security risk management program, ensuring timely identification, tracking, and remediation of security-related risks.
• System Audits and Assessments: Conduct routine and on-demand system audits, vulnerability assessments, penetration testing, and compliance checks. Ensure all findings are addressed promptly.
• Security Architecture Design: Provide input on the design, implementation, and ongoing support of network security devices and enterprise network security architecture.
• Security Awareness and Training: Develop and maintain Information Security Awareness training programs. Conduct training sessions to ensure consistent application of security policies and procedures.
• Incident Management: Oversee the logging, management, and MIS maintenance of all information security incidents. Ensure effective event correlation and response using various security tools and threat intelligence sources.
• Policy and Procedure Development: Develop, propose, and implement changes to existing policies and procedures to enhance operating efficiency and regulatory compliance. Create and maintain comprehensive documentation for all security operations.
• Collaboration and Coordination: Act as a liaison for information security matters across various departments. Participate in cross-functional teams to ensure seamless quality service and optimal cooperation.
• Regulatory Compliance: Maintain up-to-date knowledge of rules, regulations, and standards. Ensure that only approved changes are implemented in the production environment after robust testing.
• Technical Reviews and Evaluations: Perform technical risk reviews for all applications and software. Evaluate OS updates and recommend appropriate patches based on threat intelligence.
• Security Operations Governance: Establish and maintain robust security operations governance to ensure effective oversight, accountability, and adherence to best practices and standards. Develop governance frameworks and metrics to measure the effectiveness of security operations and report to senior management.
• Policy, Procedure, and Documentation Management: Responsible for setting up, maintaining, and regularly updating security policies, procedures, and other documentation. Ensure all documents are comprehensive, clear, and accessible to relevant stakeholders.
• Continuous Improvement: Identify opportunities for process improvements within the security operations framework. Implement best practices to enhance the efficiency and effectiveness of security measures.
• 8 years of Experience and Skills: Extensive experience in managing SOC teams, conducting vulnerability assessments, penetration testing, and system audits. Proficiency in security incident management, threat intelligence, and access control management.
• Knowledge and Compliance: In-depth knowledge of information security rules, regulations, and standards. Experience with regulatory compliance and risk management programs.
• Leadership and Collaboration: Proven leadership skills with the ability to motivate and guide teams. Strong collaborative skills to work with cross-functional teams and departments.
• Communication and Training: Excellent communication skills to provide training and ensure consistent application of security policies. Ability to produce detailed reports and documentation.
• Governance and Oversight: Experience in establishing and maintaining security operations governance frameworks. Ability to develop and implement governance metrics and report on security operations effectiveness.
• Policy and Documentation Management: Proven experience in developing and managing security policies, procedures, and documentation.
• Education: Relevant degree in Information Security, Cybersecurity, Computer Science, or related field. Professional certifications (e.g., CISSP, CISM, CEH) are preferred.
This position requires a highly motivated individual with a strategic mindset and a passion for information security to lead the organization’s security operations and architecture to the highest standards while ensuring robust governance, oversight, and comprehensive documentation management
Job Locations:
Head Office
About MMBL:
Mobilink Microfinance Bank Ltd. is providing banking services to over 42 million registered users including 16+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 100 branches and 200,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan installments), mobile wallets, insurance, G2P, B2B & B2P payments; thus, playing a leading role in the promotion of financial inclusion.
MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.
Why Join MMBL ?
This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavor.