State Bank of Pakistan
State Bank of Pakistan, the Central Bank,
regulates the monetary and credit system of
Pakistan and fosters its growth in the best
national interest with a view to securing
monetary stability and optimum utilization
of the country’s productive resources.
To further strengthen institutional capacity
and as part of Strategic Plan to strengthen
HR base, SBP invites applications from talented,
self-motivated, result oriented and energetic
candidates in the field of IT Security.
The positions are permanently based at Karachi.
We are an equal opportunity employer and
provide excellent opportunities for candidates
desirous of building a long-term career
in a challenging environment at SBP.
|
Deputy Director – Security Operations Centre (OG-3)
Key responsibilities of the incumbent will include, but not limited to, the following:
• To deploy, operate and maintain security incident monitoring & log solution using standard SIEM technology and integrate it with existing IT infrastructure.
• Continuous monitoring of real time logs generated by IT systems and other sources of information.
• To monitor networks, systems and applications, for events and traffic indicators that signal intrusion and take necessary actions.
• Monitor real-time interfaces of critical infrastructure security controls (firewall, IDS/IPS, antivirus, Spam server, proxy server etc.).
• Prepare monthly reports on Cyber activity taking place on SBP network for senior management and other stakeholders.
• Coordinate and collaborate with IT operations on security monitoring issues and activities.
• To operate Vulnerability Management solution and apply necessary vendor updates through IT.
• To perform Software Vulnerabilities Assessment (SVA) operations on quarterly basis, generate reports and follow up with IT teams on fixing identified vulnerabilities.
• Take timely backup of configurations and database files of SVA system.
• Vulnerability Assessment of OS, network, DBMS, applications and end users.
• Develop customized reports on SVA operations for IT teams and relevant stakeholders.
• Responsible for taking action on alerts, events, and incidents escalated from the Intrusion Analysts.
• Triage incidents, their priority and the need for escalation.
• Investigate potential escalations regarding various attack types.
• Monitoring for emerging threat patterns and vulnerabilities.
• Assist with patching recommendations and generate workarounds for zero-day threats.
• Manage Threat Intelligence and SIEM platforms.
• Communicate with management on incident updates.
|
Eligibility Criteria:
Experience Requirements: Min. 5 years post-qualification relevant experience.
Education Requirements: Bachelors or Masters Degree (Minimum 16 years of education) in Information Security, IT, Computer Science, Engineering, or similar relevant field from HEC recognized university or equivalent from a reputable foreign institute. Relevant IT / Cyber Security Certifications would be preferred like CISSP, CEH, CHFI, CISM etc.
Age: Maximum 35 Years, relaxable in case of higher qualification or more experience.
|
Deputy Director – IS Policies and Standards (OG-3)
Key responsibilities of the incumbent will include, but not limited to, the following:
• Review and update Information Security Policy and other security standards of the Bank.
• Drive consensus across cross-functional departments to determine new policy feasibility and impact, balancing business needs, culture, and required protections.
• Provide support during the implementation phase and assess impact of recommendations for changes to the Policy.
• Continuously assess existing policies for relevancy, accuracy and impact.
• Maintain and implement policy management lifecycle processes that scale to the SBP environment.
• Support implementation of Information Security Policy enforcement and exception processes.
• Evaluate and prioritize policies that require preventative, detective, and awareness-only enforcement.
• Develop scalable ways with cross-functional departments to proactively enforce high priority policies while reactively responding to violations of lower priority policies.
• Work with Risk department and IT Risk Management division to identify and manage risks associated with policy violations and exceptions.
• Design, build, and review relevant training content to increase awareness of Information Security Policy, programs, and practices.
• Assist with patching recommendations and generate workarounds for zero-day threats.
• Communicate with management on incident updates.
|
Eligibility Criteria:
Experience Requirements: Min. 5 years post-qualification relevant experience.
Education Requirements: Bachelors or Masters Degree (Minimum 16 years of education) in Information Security, IT, Computer Science, Engineering, or similar relevant field from HEC recognized university or equivalent from a reputable foreign institute. Relevant IT / Cyber Security Certifications would be preferred like CISSP, CEH, CHFI, CISM etc.
Age: Maximum 35 Years, relaxable in case of higher qualification or more experience.
|
Deputy Director – IT Risk Management & Asset Security / IT Risk (OG-3)
Key responsibilities of the incumbent will include, but not limited to, the following:
• To perform continuous risk profiling of IT infrastructure and identify, assess, quantify, and highlight cyber security risk factors that may adversely affect business continuity of organization.
• Assist to check and ensure compliance of applicable and obligatory Information Security Risk Assessment Framework within scope of SBP & its subsidiaries.
• Escalate identified risks to the relevant stakeholders and prepare risk reviews to highlight critical risks to the Senior Management.
• Identify, assess, measure and monitor IT risk by performing hands-on risk assessments on periodic basis.
• Develop and maintain a risk register and maintain an up-to-date understanding of emerging trends in IT security risks; apply new techniques and trends, in-line with overall IT security objectives and risk tolerance level.
• Maintain assessment criteria of applications & systems for measuring compliance of company policies, procedures, standards, security training programs, technical infrastructure, applications and development efforts against defined compliance baselines.
• Work closely with Enterprise Risk, Internal Audit, Procurement & Compliance to identify compliance baselines from legislative requirements and organizational objectives.
• Conduct/Participate in Internal/External penetration testing and security assessment exercises/security audits of Enterprise wide IT Infrastructure and Applications including Endpoints, Physical/Virtual Servers Infrastructure, Databases, Network Nodes, Security Appliances, Banking Systems, Storages, Web Applications and DWH/BI systems.
• Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
• Understand information security risks pertinent to its business goals and technology infrastructure and support an enterprise information security risk program to identify & assess and respond to risks.
• Conduct Enterprise wide Cyber Security risk reviews and security testing with core focus on Critical Business Applications and IT network Infrastructure.
|
Eligibility Criteria:
Experience Requirements: Min. 5 years post-qualification relevant experience.
Education Requirements: Bachelors or Masters Degree (Minimum 16 years of education) in Information Security, IT, Computer Science, Engineering, or similar relevant field from HEC recognized university or equivalent from a reputable foreign institute. Relevant IT / Cyber Security Certifications would be preferred like CISSP, CEH, CHFI, CISM etc.
Age: Maximum 35 Years, relaxable in case of higher qualification or more experience.
|
Assistant Director - Security Operations Centre (OG-2)
Key responsibilities of the incumbent will include, but not limited to, the following:
• Assist to develop a digital forensics SOP for investigation and forensics of IT security incidents with the bank.
• Coordinate with SOC team for forensics analysis of cyber incidents.
• Seizure, acquisition and analysis of evidence and devices wherever required.
• Assist to develop a Forensics and Investigation plan for security incidents, wherever required.
• Create processes for the investigations lifecycle to meet delivery timelines.
• Conduct forensic investigations of laptops, PC, servers, cell phone devices, seized digital media, and other electronic storage devices using forensic tools and methods.
• Coordinate with law enforcement and other regulatory bodies during and following a security incident.
• Summarize information from investigations, prepare forensics analysis reports for concerned management authorities, and present the same to cross-functional teams and committees.
• Transfer the evidence into a format that can be used for departmental inquiries, to hold entities accountable and to testify in disciplinary action committees.
• Coordinate with Incident Management Division and other line departments and external stakeholders.
• To monitor networks, systems and applications, for events and traffic indicators that signal intrusion and take necessary actions.
• Coordinate and collaborate with IT operations on security incidents and policy breaches.
• Undertake and complete other tasks and assignments as assigned by the divisional head.
|
Eligibility Criteria:
Experience Requirements: Min. 2 years post-qualification relevant experience.
Education Requirements: Bachelors or Masters Degree (Minimum 16 years of education) in Information Security, IT, Computer Science, Engineering, or similar relevant field from HEC recognized university or equivalent from a reputable foreign institute. Relevant IT / Cyber Security Certifications would be preferred like CISSP, CEH, CHFI, CISM etc.
Age: Maximum 31 Years, relaxable in case of higher qualification or more experience.
|
Assistant Director – IT Risk Management & Asset Security (OG-2)
Key responsibilities of the incumbent will include, but not limited to, the following:
• Conduct Enterprise wide Cyber Security review and security testing with core focus on Critical Business Applications and IT network Infrastructure.
• Conduct/Participate in Internal/External penetration testing and security assessment exercises/security audits of Enterprise wide IT Infrastructure and Applications including Endpoints, Physical/Virtual Servers Infrastructure, Databases, Network Nodes, Security Appliances, Banking Systems, Storages, Web Applications and DWH/BI systems.
• Periodic analysis of security controls of Enterprise wide IT infrastructure and report vulnerabilities and weakness to the senior management.
• Stay updated with emerging cyber security threats, proactively scan SBP Enterprise wide Infrastructure for Indicator of compromise (IOC) and provide advisory to respective IT Administrators for implementing necessary controls for mitigation.
• To conduct ad-hoc security penetration testing exercises and report vulnerabilities to management and relevant stakeholders.
• To coordinate with IT departments for patching security vulnerabilities and identified security loopholes.
• Any other task assigned by divisional head.
|
Eligibility Criteria:
Experience Requirements: Min. 2 years post-qualification relevant experience.
Education Requirements: Bachelors or Masters Degree (Minimum 16 years of education) in Information Security, IT, Computer Science, Engineering, or similar relevant field from HEC recognized university or equivalent from a reputable foreign institute. Relevant IT / Cyber Security Certifications would be preferred like CISSP, CEH, CHFI, CISM etc.
Age: Maximum 31 Years, relaxable in case of higher qualification or more experience.
|
Application Procedure
Interested candidates meeting the above mentioned eligibility criteria may send their detailed CVs to the address mentioned below. Please clearly mark the envelope with the position applied for. Only shortlisted candidates will be contacted. Shortlisted candidates will be required to undergo a written test as part of selection process. Provincial/Regional Quotas are observed as per Federal Government Rules.
|
Joint Director (Resource Management)
Human Resources Department
State Bank of Pakistan, 10th Floor, SBP Main Building
I.I. Chundrigar Road, Karachi
|
Application Deadline: April 01, 2019
Misinformation and any attempt
to influence the selection process will be considered
a definite disqualification for current as well
as for all future recruitments in the Bank,
even if the candidate is otherwise qualified.