State Bank of Pakistan (SBP), the Central Bank, is looking for talented and energetic candidates for positions of Deputy Director (OG-3) in Cyber Security Department (CySD), based in Karachi.

Deputy Director (OG-3) - Cyber Security

Key responsibilities of the incumbent will include, but not limited to, the following:

Manage and maintain IT security policies, standards, and guidelines. Ensure policies are reviewed and updated regularly. Plan and perform IT security risk assessments of Bank IT infrastructure, business systems and application on periodic basis to identify, assess, and report cyber security risks. Engage with business and IT departments to understand business processes, IT infrastructure, critical data and systems, security risk posture, and risk appetite. Recommend appropriate security controls and countermeasures to reduce the risks levels to acceptable level. Be a liaison between key stakeholders (IT, Cyber Security, Compliance, Internal Audit, Data Classification, Legal, Procurement and Consultants) and maintain GRC tooling to drive and track compliance with policies and risk mitigation activities. Maintain a centralized risk repository containing identified risks and their status for regular follow-ups with risk owners and reporting to senior management and committees. Investigate security incidents collaboratively with network, system administration and business teams through log analysis, end-user interviews, and evidence collection. Conduct problem management, root cause analysis, and post-mortem reviews after incidents occur. Implement an Incident Management Framework for bank-wide IT security incidents. Establish and update Incident Response Plan and playbooks based on industry best practices and conduct tabletop exercises for cyber security incident preparedness. Maintain a knowledge base and record all IT security incidents following the Enterprise Risk Management Framework and the Bank's Incident Reporting Policy. Perform Business Impact Analysis and review Business Continuity Plans and Disaster Recovery Plans for Information Systems and IT infrastructure. Conduct cyber awareness and training sessions for different audience groups in the Bank. Prepare necessary documents like request for proposal, terms of reference & procurement contracts and manage the execution of cyber security projects in coordination with Procurement, IT and Business Teams. Undertake and complete other official tasks assigned by the management.

 Eligibility Criteria:

Education:	Bachelors or Master’s Degree (minimum 16 years of education) in Cyber/Information Security, IT, Computer Science, Computer/Software Engineering, Telecommunication or similar relevant field from reputable HEC recognized domestic or foreign university. CISSP, CRISC, CHFI, ECIH or any other relevant IT / Cyber Security certifications would be preferred.
Age:	Maximum 35 years, as on the date of advertisement.
Experience:	At least five (05) years post-qualification experience of working in Cyber Security. Preference will be given to candidates having hands on experience of IT Risk Assessments, SOC Operations, Incident Response and Digital Forensics.

 Compensation:

Competitive compensation package, as per State Bank rules.

 Application Procedure

Interested candidates meeting the above-stated eligibility criteria may submit their applications online on https://www.sbp.org.pk/careers/status.asp. Last date of application submission is March 4, 2024.
Applications, which are not in accordance with defined requirements in the advertisement, will not be entertained. Only shortlisted candidates will be contacted.

We are an Equal Opportunity Employer. Females, candidates from minorities, transgender persons and persons with disability are encouraged to apply.

Any candidate who misinforms, attempts to influence the recruitment process in any manner, tries to obtain support for his/her candidature by inappropriate means or tampers with evidence of his/her age, educational and other certificates, shall be disqualified from the current and any future recruitment process at the Bank; even if the candidate is otherwise eligible.