Cyber GRC Analyst II
Pakistan
Careem
Careem is building the Everything App for the greater Middle East, making it easier than ever to move around, order food and groceries, manage payments, and more. Careem is led by a powerful purpose to simplify and improve the lives of people and build an awesome organisation that inspires. Since 2012, Careem has created earnings for over 2.5 million Captains, simplified the lives of over 50 million customers, and built a platform for the region’s best talent to thrive and for entrepreneurs to scale their businesses. Careem operates in over 70 cities across 10 countries, from Morocco to Pakistan.
Careem is looking for a Cyber GRC Analyst II. As a member of an agile team, you will be responsible for the design, implementation, enhancement and maintenance of our Cyber Risk and Compliance Programs. In addition to ensuring proper reporting of security controls, you will be expected to collaborate and manage relations with the business teams and external third-party stakeholders, propose solutions to reduce cyber risk exposure and drive constant innovation on the ground in a dynamic environment. While working independently, you will also be responsible for identifying gaps and cyber risks and pushing for implementation and wider adoption of these security controls.
The individual will work closely with our Infrastructure, IT, Compliance and Legal teams to help build a secure and robust enterprise Risk Management Program. We operate under multiple regions and this brings interesting challenges for you to solve in the Compliance and Regulatory landscape.
Responsibilities
Risk Management:
- Conduct risk assessments to identify potential risk events and assist in the development and implementation of risk management strategies.
- Collect and analyze data to support risk mitigation efforts.
- Collaborate with colleagues to monitor risks, report status, and develop countermeasures and contingency plans.
- Conduct comprehensive third-party cyber security assessments; evaluate the security posture of third parties to identify vulnerabilities, gaps, and areas of non-compliance; and identify and recommend security controls, best practices, and risk mitigation strategies in alignment with business
Compliance Management:
- Conduct compliance assessments to identify gaps and ensure adherence to applicable regulations and standards.
- Working knowledge of NIST Cyber Security Framework (CSF), ISO27001 and ISO27005
- Familiarity with Data Privacy Laws, NESA UAE-IA, PCI-DSS, CBUAE-SVF, KSA’s SAMA
- Liaise with external auditors and facilitate external audits
Governance & Reporting:
- Assist in the development and review of policies and procedures related to cybersecurity and risk management.
- Collaborate with stakeholders to ensure policies and procedures align with organizational goals and regulatory requirements.
- Develop dashboards and assist in the preparation of reports and presentations on cybersecurity controls and risk-related matters.
- Hands-on experience with a GRC tool for managing risk and compliance programs (preferable)
Qualifications:
- Bachelor's in Computer Science, Information Systems, or a related field
- 4-6 years of total experience in an Information Security role.
- Technical understanding of SIEM, EDRs, Vulnerability Management, DLP solutions, and the Cloud (preferably AWS).
- Effective communication skills.
What we’ll provide you
We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full-time Careem colleague, you will be able to:
- Work and learn from great minds by joining a community of inspiring colleagues.
- Put your passion to work in a purposeful organisation dedicated to creating impact in a region with a lot of untapped potential.
- Explore new opportunities to learn and grow every day.
- Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
- Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.
Tags: Agile Audits AWS Cloud Compliance Computer Science Governance ISO 27001 ISO 27005 NIST Privacy Risk assessment Risk management Security assessment SIEM Vulnerabilities Vulnerability management
Perks/benefits: Career development Health care Team events Unlimited paid time off