Oversee the organisation’s security infrastructure, governance, and operational security across all operating territories (currently Pakistan, UAE, and UK), including all client engagements.
Author, review, and maintain comprehensive security policies, procedures, and standards aligned to recognised frameworks such as ISO 27001, NIST CSF and OWASP ASVS.
Conduct regular risk assessments, audits, monitoring and compliance reviews and reports to meet international and regional regulatory expectations.
Perform security awareness training for employees, both during onboarding and on an ongoing basis.
Ensure achievement and renewal of all necessary security accreditations including ISO 27001, Cyber Essentials and PCI-DSS.
Manage corrective action plans and lead remediation efforts for identified security risks.
Perform due diligence for supply chain and vendor security, including third-party risk assessments for partners in Pakistan, UAE, and the UK.
Produce SOC2 reports.
Collaborate closely with engineering, delivery, and client teams to improve overall security maturity and awareness across the organisation with a DevSecOps approach.
Monitor emerging cybersecurity threats, technologies, and compliance requirements to proactively enhance the security framework.
Support security requirements for cloud, SaaS, fintech, and platform-based deployments across multiple markets.
Requirements
Significant experience in information security, ideally in fintech, telecom, digital platforms, or technology services.
Proven experience implementing ISO 27001 and securing accreditation in an agile software development environment.
Familiarity with, and commitment to, a DevSecOps approach to software security.
Demonstrated understanding of cyber security frameworks such as NIST CSF or Cyber Essentials and web application security frameworks such as OWASP ASVS.
Strong knowledge of assurance and auditing frameworks, especially SOC2.
Demonstrated experience in developing and maintaining information security policies and operational security procedures.
Experience leading risk management initiatives and managing corrective action plans.
Familiarity with third-party risk management and supply chain security.
Strong stakeholder management and the ability to partner effectively with cross-functional and international teams.
Professional certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are preferred.
Broad technical understanding across Cloud, SaaS, SDLC, Identity & Access Management (IAM), networking, and vulnerability management.
Tech Stack
Cloud
Cyber Security
SDLC
Benefits
Competitive benefits package: TBC and discussed with the talent team