Cyber GRC Analyst II

Pakistan

Careem

Careem is ‘the everything app’ for the region, making it easier than ever to move around, order food and groceries, manage payments, and more.

Careem is building the Everything App for the greater Middle East, making it easier than ever to move around, order food and groceries, manage payments, and more. Careem is led by a powerful purpose to simplify and improve the lives of people and build an awesome organisation that inspires. Since 2012, Careem has created earnings for over 2.5 million Captains, simplified the lives of over 50 million customers, and built a platform for the region’s best talent to thrive and for entrepreneurs to scale their businesses. Careem operates in over 70 cities across 10 countries, from Morocco to Pakistan.

Careem is looking for a Cyber GRC Analyst II. As a member of an agile team, you will be responsible for the design, implementation, enhancement and maintenance of our Cyber Risk and Compliance Programs. In addition to ensuring proper reporting of security controls, you will be expected to collaborate and manage relations with the business teams and external third-party stakeholders, propose solutions to reduce cyber risk exposure and drive constant innovation on the ground in a dynamic environment. While working independently, you will also be responsible for identifying gaps and cyber risks and pushing for implementation and wider adoption of these security controls.

The individual will work closely with our Infrastructure, IT, Compliance and Legal teams to help build a secure and robust enterprise Risk Management Program. We operate across multiple regions, and this brings interesting challenges for you to solve in the Compliance and Regulatory landscape.

Responsibilities

Risk Management:

  • Conduct risk assessments to identify potential risk events and assist in the development and implementation of risk management strategies.
  • Collect and analyze data to support risk mitigation efforts.
  • Collaborate with colleagues to monitor risks, report status, and develop countermeasures and contingency plans.
  • Conduct comprehensive third-party cyber security assessments; evaluate the security posture of third parties to identify vulnerabilities, gaps, and areas of non-compliance; and identify and recommend security controls, best practices, and risk mitigation strategies in alignment with business

Compliance Management:

  • Conduct compliance assessments to identify gaps and ensure adherence to applicable regulations and standards.
  • Working knowledge of NIST Cyber Security Framework (CSF), ISO27001 and ISO27005
  • Familiarity with Data Privacy Laws, NESA UAE-IA, PCI-DSS, CBUAE-SVF, KSA’s SAMA
  • Liaise with external auditors and facilitate external audits

Governance & Reporting:

  • Assist in the development and review of policies and procedures related to cybersecurity and risk management.
  • Collaborate with stakeholders to ensure policies and procedures align with organizational goals and regulatory requirements.
  • Develop dashboards and assist in the preparation of reports and presentations on cybersecurity controls and risk-related matters.
  • Hands-on experience with a GRC tool for managing risk and compliance programs (preferable)

Qualifications:

  • Bachelor's in Computer Science, Information Systems, or a related field
  • 4-6 years of total experience in an Information Security role.
  • Technical understanding of SIEM, EDRs, Vulnerability Management, DLP solutions, and the Cloud (preferably AWS).
  • Effective communication skills.

What we’ll provide you

We offer colleagues the opportunity to drive impact in the region while they learn and grow. As a full time Careem colleague, you will be able to:

  • Work and learn from great minds by joining a community of inspiring colleagues.
  • Put your passion to work in a purposeful organisation dedicated to creating impact in a region with a lot of untapped potential.
  • Explore new opportunities to learn and grow every day.
  • Work 4 days a week in office & 1 day from home, and remotely from any country in the world for 30 days a year with unlimited vacation days per year. (If you are in an individual contributor role in tech, you will have 2 office days a week and 3 to work from home.)
  • Access to healthcare benefits and fitness reimbursements for health activities including gym, health club, and training classes.

Tags: Agile Audits AWS Cloud Compliance Computer Science Governance ISO 27001 ISO 27005 NIST Privacy Risk assessment Risk management Security assessment SIEM Vulnerabilities Vulnerability management

Perks/benefits: Career development Health care Team events Unlimited paid time off

Region: Asia/Pacific
Country: Pakistan