Cybersecurity Officer - Risk Management & Compliance

About the role

Riphah International University is seeking a Cybersecurity Officer focused on risk management and compliance. The role will protect the university’s information assets, IT infrastructure and data by implementing security policies, controls and monitoring mechanisms.

Key responsibilities

• Develop, implement and maintain information security policies, standards and an ISMS.
• Conduct risk assessments, maintain a risk register and drive mitigation plans.
• Ensure compliance with ISO 27001, NIST, PCI‑DSS and other regulatory requirements; prepare for audits.
• Lead incident response activities, investigations and reporting.
• Perform security audits, vulnerability assessments and penetration testing, and validate remediation.
• Monitor emerging threats and recommend mitigation strategies.
• Coordinate with IT, compliance and management to strengthen the security posture.
• Manage data classification, encryption, backup and recovery, and integrate security into BCP/DR plans.
• Deliver security awareness training and specialized training for privileged users.
• Oversee SOC operations, including endpoint, firewall, IDS/IPS, VPN and SIEM monitoring.
• Manage access control, identity governance and vendor security assessments.

Required profile

• Bachelor’s degree in Information Security, Computer Science, IT or a related field.
• 3–5 years of experience in information security or cybersecurity roles.
• Strong analytical and problem‑solving abilities with excellent communication skills.
• Relevant certifications such as CISSP, CISM, CEH or ISO 27001 Lead Implementer/Auditor are preferred.

Required skills

• Network security and firewalls
• Encryption techniques
• Security frameworks (ISO 27001, NIST, PCI‑DSS)
• SIEM, DLP and EDR tools
• Risk management and compliance
• Incident response and investigation
• Vulnerability assessment and penetration testing
• Data classification, backup and recovery
• Business continuity and disaster recovery planning
• Security awareness and specialized training
• SOC operations, endpoint protection, IDS/IPS, VPN
• Access control and identity governance
• Vendor security assessment