| 01 |
Position / Job Title |
Wing Head AM L/Compliance Audit Program |
|
| |
Reporting to |
Divisional Head, Compliance & International Audit Program |
|
| Educational! Professional Qualification |
- Minimum Bachelor's degree from HEC recognized University / Institute or equivalent.
- Candidates having Master's Degree and / or additional relevant professional qualification or certifications in the respective field will be preferred.
|
|
| Experience |
- Minimum 10 years of banking experience with at least 3 years in AML I CFT & Regulatory Compliance function in the financial industry
|
|
| Other Skills/ Expertise/ Knowledge Required |
- Should possess sound knowledge of AML / CFT and regulatory compliance related to Banking Operations
- Ability to work in a fast-paced, deadline-driven environment, which demands high quality creative and consistent work.
|
|
| Outline of Main Duties / Responsibilities |
- To work as a lead reviewer for managing the audit engagements as per Audit Policy and Audit Manual.
- To review and finalize Audit Engagement Plans of entities
- To coordinate with the audit teams for timely completion of the audit assignments
- To hold meetings with the auditee management to discuss the audit issues
- To supervise timely escalation of reportable/critical issues and periodical follow-up
- To finalize audit reports and release them to the auditee management
- To supervise timely preparation of periodical returns/statements required by A&IG-HO
- To implement Internal Quality Assurance recommendations
- To supervise the documentation of audit work papers and ensure safe keeping of audit records (reports, work papers etc.).
- To manage special audits / other financial crime investigations
- To assist/participate in audits of International locations of the Bank
|
|
| Place of Posting |
Karachi |
|
| 02 |
Position / Job Title |
Cyber & Information System Security Auditor |
|
| |
Reporting to |
Wing Head. IS Audit Wing |
|
| Educational/ Professional Qualification |
- Minimum Bachelor's degree from HEC recognized University / Institute or equivalent.
- Candidates having Master's Degree and / or additional relevant professional qualification or certifications in the respective field will be preferred.
|
|
| Experience |
- Minimum 6 years of relevant experience in Information System / Security Audit.
- Technical hands-on experience in areas of Applications security. Network security, key concepts of TCP/IP stack, routing, Web-based infrastructures, Firewalls will be preferred.
- Preference will be given to candidates having the hands-on experience and understanding of: Tools and concepts: SQL injection, cross-site scripting, buffer overflow, Metasploit, burp suite, Nexpose, MBSA, privilege escalation, reverse shell. reverse-engineering. Wireshark / Tcpdump, etc.
|
|
| Other Skills/ Expertise/ Knowledge Required |
- Knowledge of intrusion testing / vulnerability assessments methodology and standards on complex infrastructures / large networks.
- Well versed about hacking techniques and their remedies / controls to be in place.
- Understanding and experience of Data Protection rules, regulations, best practices, Security Architecture, design and risk assessment of data centers, security products evaluation at network, application, data and end point level security solutions. Able to extract and finalize the audit reports based on automated auditing and security tools
- Good command over system architecture, cyber security architecture, networks, designs, Virtualization, eCommerce, Open Banking platforms etc.
- Good understanding over Payment Systems. banking IT systems, network and application security design architecture.
- Able to identify the system's weaknesses by performing vulnerability assessment activities such as intrusion / penetration test, security measures and internal controls by the related management.
- Understanding of cyber / IS security during entire "application development life cycle".
- Good command over tools such as Kalilinux Suite, SIEM. Security Operations Centre, Info. Sec. Tools, etc.
- Ability to work in a fast-paced, deadline-driven environment, which demands high quality creative and consistent work.
|
|
| Outline of Main Duties / Responsibilities |
- To conduct audits related to Cyber / IS Security and other IT assignments and reviews of systems, applications, etc. including reviews of implementations of systems and related enhancements.
- To conduct IS audit assignments as per approved IS Audit plans, perform audits independently or under team leader, issue draft reports, discuss with related management for conclusion of draft and issuance of final audit reports.
- To analyze, document, report and validate the implementations of security recommendations identified during Cyber / IS / IT security audits.
- To follow-up the open audit issues, MAPs, etc.
- To prepare and keep updated the related audit documents such as Risks Controls Matrices (RCMs) / checklists / Audit Programs, Engagement Plans, IS / IT Manual, Guides for auditors and other pre- / post-audit tasks.
- To prepare periodical reports, audit QA checklists etc.
- To prepare summary of significant issues for review. compliance and reporting to senior management / BAC / etc.
- To provide assurance on the internal controls environment in the Bank for IS/IT assets and also to provide assurance on integration of and compliance with security best practices, frameworks, and regulations in the IT / IS projects.
- To identify the vulnerabilities and flaws in related controls (design and implementation) in networks, operating systems, data centers, etc.
- To prepare information / data for SBP inspection team, external auditors and law enforcement agencies through nominated coordinator / focal person.
- To identify the systems' weaknesses by performing vulnerability assessments activities such as intrusion / Penetration tests, security measures implemented during the development / deployment of systems and internal controls by the related management;
- Any other task as assigned by immediate head/supervisor.
|
|
| Place of Posting |
Karachi |
|
| Assessment Interview(s) |
Only shortlisted applicants strictly meeting the above-mentioned basic eligibility criteria will be invited for panel interview(s). |
| Employment Type |
The employment will be on contractual basis, for three years which may be renewed on discretion of the Management. Selected candidates will be offered compensation package and other benefits as per Bank's Policy / rules. |
Jobs Home
Cities
Govt Depts
Comapnies
Industries
Professions
