Assistant Manager IS GRC

Job Details:

    • The role is responsible for supporting the organization’s Information Security Governance, Risk, and Compliance (GRC) function to ensure compliance with regulatory, contractual, and internal security requirements.
    • Support implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in line with ISO/IEC 27001 requirements.
    • Assist in risk assessments, risk treatment plans, and maintenance of the Information Security Risk Register.
    • Support compliance with State Bank of Pakistan (SBP) Cyber Security Framework, policies, and regulatory directives.
    • Assist in PCI DSS, SOX, ITGC and other regulatory or audit-related activities, including evidence collection and tracking of remediation actions.
    • Coordinate internal and external security audits, regulatory inspections, and management reviews.
    • Support third-party / vendor risk management, including security due diligence, risk assessments, and onboarding/offboarding reviews.
    • Assist in reviewing and updating information security policies, standards, procedures, and SOPs.
    • Participate in security awareness and phishing simulation programs, including reporting and metrics.
    • Maintain compliance documentation, dashboards, KPIs, KRIs, and management reporting.
    • Coordinate with IT, SOC, application teams, and business units on GRC-related requirements and observations.
    • Perform any other GRC-related tasks assigned by the Manager GRC.
    • Bachelor’s degree in computer science, IT, or a related discipline with 5+ years of relevant cybersecurity governance experience, preferably in the banking industry.
    • Exposure to regulatory audits, ISO 27001, SBP requirements, or PCI DSS is highly desirable.
    • Relevant certifications (ISO 27001 LI/LA, CISA) are preferred.
    • Proven knowledge of SBP cybersecurity regulations, guidelines, and compliance requirements.
    • Ability to manage and track cybersecurity action plans, risk registers, and remediation activities.
    • Strong analytical, documentation, and communication skills to engage with technical teams, auditors, and senior management.
    • Ability to work independently on critical and time-sensitive tasks based on management direction.

Job Locations:

  • Head Office

About MMBL:

Mobilink Microfinance Bank Ltd. provides banking services to over 48 million registered users, including 20+ million monthly active customers across Pakistan. With a hybrid model that combines traditional microfinance with mobile/digital banking technologies, the bank now operates with over 114 branches and 270,000 branchless banking agents and provides a USSD (GSM) based digital channel offering savings, micro enterprise (MSME) loans, small housing loans, remittances, collection (utility bills and loan installments), mobile wallets, insurance, G2P, B2B & B2P payments, thus playing a leading role in the promotion of financial inclusion. MMBL is committed to fostering a positive and productive workplace, and our core values reflect this focus. These values include promoting innovation and entrepreneurship, encouraging teamwork and collaboration, and prioritizing a customer-centric approach in all aspects of our business.

Why Join MMBL?

This is an opportunity for someone who is passionate about making a difference and playing a key role in driving transformative change. Our team is committed to empowering millions with the tools necessary to succeed in the digital age, and we're looking for a talented individual to join us in this endeavor.

Short Description
  • Job Type: Permanent
  • Positions: 1
  • Posted On: Feb 26, 2026
  • Last Date: Mar 06, 2026
  • Grade: OG-I
  • Department: Information Security