FF Job Portal

Information Security Auditor

Job Details

Rawalpindi, Pakistan
Fauji Foundation Head Office
Employment Status:
Job Posted:
Last Date to Apply:
Preferred Candidate(s)
Year of Experience:
8 Year(s) in Field of Audits
Both (Male & Female)
Min 25 Year(s)
Job Description:
  • Job Title:   Information Security Auditor

    Essential Qualification:

    • Bachelor’s Degree in IT-related fields from an HEC-recognized university or reputed foreign university.


    • Certified Information Systems Auditor (CISA) (essential), CISSP or similar.


    1. Must know about recertification of third party contract deliverables (e.g., SOC II, and/or III reports, Attack and Penetration assessments).
    2. Working knowledge of technical vulnerability analyses, policy compliance reviews, disaster recovery planning, and other related services.
    3. Technical Knowledge of conducting security risk assessments or IT audits using standardized processes such as NIST SP 800-30, ISO 27001, SOC 2, or similar.
    4. Technical Knowledge of cybersecurity controls frameworks and data privacy regulations such as NIST SP 800-53, ISO 27001/2, HIPAA, CIS Controls, NIST CSF, HITRUST, GDPR, CCPA, or similar.


    1. 4 years of work experience as an IT Auditor (e.g., compliance or cybersecurity).
    2. Understanding of IT audit methodologies, cybersecurity trends, and hacking techniques.

    Tasks / Responsibilities:

    1. Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
    2. Troubleshoot security and network problems.
    3. Respond to all system and/or network security breaches.
    4. Responsible for risk assessment and continued compliance with ISO/IEC 27001:2013.
    5. Penetration testing and system hardening of computing & networking devices using Nessus Pro and other assessment tools.
    6. Security auditing of corporate network.
    7. Policy making and procedure writing covering information security management and incident response.
    8. Incorporation of information security requirements in vendor contracts and service level agreements.
    9. Conducting information security awareness trainings for employees and stakeholders.
    10. Evaluating latest information security technologies for adoption/migration in future.
    11. Plan, implement, monitor, and upgrade security measures for the protection of the organization’s data, systems, and networks.
    12. Participate in the change management process.
    13. Test and identify network and system vulnerabilities, and create counteractive strategies to protect the network.
    14. Conduct efficient and effective IT audit procedures.
    15. Communicate complex technical issues in simplified terms to the relevant staff.
    16. Perform regular audit testing and provide recommendations.
    17. Review, evaluate, and test application controls.
    18. Provide recommendations and guidance on identified security and control risks.
    19. Develop a strong understanding of business and system processes.

Note: No CVs in hard copy will be entertained. Apply online only, through the FF Jobs Portal, or send your resume to ffjobs@fauji.org.pk
