About Contour:
Contour Software is a wholly owned subsidiary of Constellation Software Inc. (CSI), which acquires, manages and builds market-leading software businesses that develop industry-specific, mission-critical enterprise software solutions to serve both the public and private sectors. Prior to going public in 2006, CSI won the prestigious "Canada's 50 Best Managed Companies” award in 2005. Headquartered in Toronto, Canada, and with a global presence, CSI's subsidiaries operate in more than 80 different industries in over 100 countries, generating annual revenues in excess of $3 Billion.
Contour Software currently houses remote employees for more than 80 Departments (R&D, Finance, IT, Customer Support, Professional Services and Other) belonging to more than 80 of CSI's 500+ divisions, in 3 offices [KHI, LHE & ISB]. Contour employees are key players in implementing, supporting, extending, enhancing, and renewing enterprise systems that run thousands of medium and large businesses as well as public institutions, globally.

The Division:
FOG - a division of Vela Software Group part of Constellation Software Inc. - specializes in complete ERP solutions for manufacturers and distributors of make-to-order and engineer-to-order products in the building products, capital equipment, and automotive sectors. FOG also includes a complementary portfolio of software solutions for transportation management, material optimization, supply-chain management, multi-channel merchant, and direct-to-consumer distribution.

The Position:
As GRC Analyst for the FOG Software group , you will support certain companies within the FOG Software operating group to meet the regulatory and compliance requirements specifically PCI DSS as well support in meeting the Vela compliance requirements by working with specific business units IT, customer support, development teams as well as Vela GRC. We are looking for individuals who move fast, can break down and solve complex problems, and have strong ethical values.
The hired candidate will be located and work out of the Contour Software Islamabad/Karachi/Lahore office, working as part of the resource-center, as an extension of the division-based G&A department.

Responsibilities:

1. Document and implement information security policies and standards (related to PCI-DSS and NIST CSF compliance requirements) specific to certain business units.
2. Lead the PCI-DSS compliance initiatives, monitor, and report the gaps in compliance to management.
3. Review information systems, IT and SSDLC practices to ensure compliance with business unit's GDPR/ISO/PCI-DSS requirements as well as Vela security framework requirements including processes, standards, policies, and procedures.
4. Conduct risk assessments to identify potential risk events and assist with quantifying their probability of occurrence and impact on the business and work with risk owners in mitigating those risks.
5. Collaborate IT TechOps and security team to monitor risks and compliance status, report and develop countermeasures and contingency plans.
6. Monitor the security logs of anti-virus and SIEM/IDS to verify that all systems are up-to-date and all incidents are being logged, monitored and timely responded to as per policy requirements.
7. Monitor and evaluate security measures in collaboration with the IT TechOp team to protect against reasonably anticipated threats or hazards to the privacy, security, or integrity of protected information (PII, PCI).
8. Manage external audits and assessments, oversee audit findings and management actions plans. Ensure corrective actions are taken. Work with risk owners in developing risk treatment plans, time estimations, follow-up and report status on action plans.
9. Perform tasks as set forth by the management team.
10. Provide security awareness and compliance trainings to the IT team as well as end-users in line with the PCI-DSS requirements.

• Bachelor's Degree in Information Technology or related technical field.
• Candidate should have a minimum of 3+ years either Information Security Risk or Cyber Security Risk experience.
• Must have knowledge of cloud-based environments (AWS, GCP, Azure, etc.) with cloud governance experience
• Must have experience in working in e-commerce environments and PCI-DSS V3.2.1/4.0.
• Sound working knowledge of industry best practices (NIST, ISO, SANS, COBIT) and Legislative and Regulatory and Industry Compliance Requirements (PCI, CCPA, GDPR etc.).
• Clear understanding of SDLC process and how Security validation is tied to that.
• Must have exceptional written, verbal and presentation communication skills.
• Ability to facilitate cross-functional teams.
• Ability to translate business requirements into control objectives.
• Strong project management skills.

• Experience with PCI-DSS v4.0
• Experience of GRC Tools (such as Service Now, RSA Archer, 6Clicks)
• One or more of the following certifications:
  1. ISO 27001 Lead auditor/Implementer
  2. CISM, CISA and/or CISSP
  3. CRISC

• Market-leading Salary
• Medical Coverage – Self & Dependents
• Parents Medical Coverage
• Provident Fund
• Employee Performance-based bonuses
• Home Internet Subsidy
• Conveyance Allowance
• Profit Sharing Plan [Tenured Employees Only]
• Life Benefit
• Child Care Facility
• Company Provided Lunch/Dinner
• Professional Development Budget
• Recreational area for in-house games
• Sporadic On-shore training opportunities
• Friendly work environment
• Leave Encashment