State Bank of Pakistan Excellent Career Opportunities
State Bank of Pakistan (SBP), the Central Bank, is looking for talented and energetic candidates for the following positions in the Cyber Security Department (CySD), based in Karachi.

Assistant Director (OG-2) - Cyber Operations & Response

Key responsibilities of the incumbent will include, but are not limited to, the following:
- Continuously monitor security alerts and events from various sources, including Security Information and Event Management (SIEM), File Integrity Monitoring (FIM), security controls, threat intelligence platforms and systems.
- Implement and fine-tune detection rules to improve the accuracy of alerts and minimize false positives.
- Analyse threat intelligence feeds to identify emerging threats and vulnerabilities that may impact the Bank’s IT assets.
- Maintain documentation related to security tools, including configuration settings, usage guidelines, and maintenance procedures.
- Manage and administer security tools and technologies, ensuring optimal configuration and performance.
- Regularly review and assess SOC processes, identifying areas for improvement and efficiency gains.
- Collaborate with vendors, consultants and service providers to ensure the delivery of security services and tools aligns with the Bank’s requirements.
- Develop and maintain incident response plans and procedures, ensuring they are regularly tested and updated.
- Maintain the Cyber Incident Management Framework, perform regular reviews, and arrange management approvals and training of relevant internal stakeholders.
- Conduct simulations of response activities and tabletop exercises to enhance preparedness and resilience of the Bank against cybersecurity incidents.
- Coordinate the response to security incidents, ensuring timely containment, eradication, and recovery efforts.
- Conduct pre-incident preparation exercises and post-incident reviews to identify lessons learned to improve future response efforts.
- Prepare and present regular reports on security incidents, trends, and the overall security posture to management.
- Conduct initial triage of security incidents to assess severity and determine necessary escalation and coordination with external incident response service providers.
- Perform other relevant tasks as assigned by the management.

Eligibility Criteria:

Education: Bachelor's or Master's degree (16 years of education) in Information Security, IT, Computer Science, or similar relevant field from a reputable HEC-recognized domestic or foreign university.
Relevant IT / Cyber Security / Cyber Defence credentials like GIAC SOC, CEH, CHFI and other Blue Teaming certifications would be preferred.

Age: Maximum 28 years, as on the date of advertisement.

Experience: At least 03 years of relevant experience.

Compensation: Competitive compensation package, as per State Bank rules.

Deputy Director (OG-3) - IS Governance

Key responsibilities of the incumbent will include, but are not limited to, the following:
- Contribute to the development of the Bank’s cybersecurity strategy, aligning it with Vision-2028’s business objective to enhance the Bank’s cybersecurity resilience.
- Review, update, and maintain internal cybersecurity policies, framework, and standards to ensure coverage of applicable legal requirements and industry best practices. The incumbent will also ensure relevance, accuracy and effectiveness of cybersecurity artefacts.
- Respond to queries regarding the interpretation of governance artefacts, providing clarity and actionable guidance to IT, Audit and business departments.
- Conduct gap assessments and assist with compliance and audit processes to ensure adherence to internal cybersecurity policies, standards and best practices.
- Manage exceptions to cybersecurity requirements, prepare approval cases and act as a subject matter expert to provide feedback.
- Provide support during the implementation phase of policies and evaluate the impact of recommended changes.
- Oversee the classification of the Bank’s information assets to enhance data protection, selection of appropriate risk controls and better risk management strategies.
- Prepare the department’s annual business plan, including budget, with facilitation to internal stakeholders.
- Track and report on the strategy, business plan, and budget.
- Contribute to the design, development, and implementation of the cybersecurity Awareness and Training program to raise awareness of cybersecurity policies and practices among employees, fostering a culture of security within the Bank.
- Conduct bank-wide cybersecurity phishing simulation campaigns on a regular basis including management and administration of the simulation system.
- Facilitate discussions across departments to assess the feasibility and impact of new cybersecurity policies, balancing IT operations’ availability and business needs with required protections.
- Perform other relevant tasks as assigned by the management.

Eligibility Criteria:

Education: Bachelor's or Master's degree (16 years of education) in Information Security, IT, Computer Science or similar relevant field from a reputable HEC-recognized domestic or foreign university.
Relevant IT / Cyber Security certifications like CISSP, CISM, CISA, CRISC, PMP would be preferred.

Age: Maximum 33 years, as on the date of advertisement.

Experience: At least 05 years of relevant experience.

Compensation: Competitive compensation package, as per State Bank rules.

Joint Director (OG-4) - Information Security Governance Division

The incumbent will be responsible for developing, reviewing and regularly updating the Bank’s Cyber Security and Data Protection Policies, Frameworks, Standards and associated SOPs, and for ensuring their implementation and compliance. Key responsibilities of the incumbent will include:
- Lead the development of the Cyber Security Strategy and ensure its timely implementation.
- Develop a Cyber Security maturity model in line with international standards and measure the Bank’s posture against it for improvements.
- Review and update IT Security Policies, Cyber Security Framework and standards on a regular basis in coordination with all relevant stakeholders.
- Review and update Data and System Classification Policy and Framework. Coordinate with stakeholders to ensure its implementation and continuous monitoring through tools and processes.
- Plan, develop, and execute Cyber Security Awareness Program at the Bank level. Review and update training and awareness content for both classroom and online training. Regularly report program status to management.
- Ensure the department’s compliance obligations are met by maintaining coordination and submitting timely updates on compliance items related to audit observations and decisions of the Board and Management Committees.
- Coordinate with IT and other stakeholders for implementation of cybersecurity strategic projects. Monitor and report progress to the CISO on a regular basis.
- Ensure the Business Plan of the Department is developed and submitted on time, including quarterly status.
- Supervise the execution of Bank-wide simulated phishing campaigns on a regular basis and report the necessary statistics, with suggestions, to management.
- Coordinate with stakeholders for necessary action on security advisories received from external sources, and manage departmental broadcasts.
- Manage co-ordination with internal training departments including annual training needs assessments, identifying skill gaps, and communicating training nominations.
- Collaborate with the Human Resource Department (HRD) on issues related to job descriptions, manpower planning, recruitments and performance management.
- Perform any other task assigned by the Senior Management.

Eligibility Criteria:

Education: Bachelor's or Master's degree (minimum 16 years of education) in Cyber/Information Security, IT, Computer Science, Computer/Software Engineering, Telecommunication or similar relevant field from a reputable HEC-recognized domestic or foreign university.
CISSP, CISM, CRISC, CISA, COBIT or any other relevant IT / Cyber Security Management certifications would be preferred.

Age: Maximum 40 years, as on the date of advertisement.

Experience: At least ten (10) years of experience working full-time in IT Security, Information/Cyber Security, with the most recent five (05) years in a middle-management position under GRC portfolios.

Compensation: Competitive compensation package, as per State Bank rules.