Information Security Manager

Description:

We're Hiring: Information Security Manager

Position: Information Security Manager
Reports to: Chief Information Security Officer
Location: Lahore, Pakistan
Type: Full-time, On-site

You will develop and lead a comprehensive information security program that safeguards YAP's assets, customer data, financial transactions, and reputation. This is a high-impact leadership role where you'll shape enterprise-wide security strategy, manage risk in a regulated fintech environment, drive compliance (including PCI DSS, ISO 27001, and SBP guidelines), and build a high-performing security team.

Key Responsibilities Include:
- Developing and executing an enterprise information security strategy aligned with YAP's business growth and fintech objectives
- Leading risk assessments, threat modeling, mitigation strategies, and continuous monitoring of security incidents
- Ensuring robust compliance with PCI DSS, ISO 27001, data privacy regulations, and third-party vendor security
- Overseeing data protection, DLP, incident response planning & execution, and business continuity/disaster recovery
- Managing technical security controls (firewalls, IDS/IPS, endpoint protection, vulnerability management, penetration testing)
- Driving security awareness training and fostering a security-first culture across the organization
- Collaborating closely with IT, product, development, and engineering teams to embed security in the product lifecycle
- Leading and mentoring the information security team – hiring, development, performance, and resource allocation
- Reporting security metrics, risks, and posture to executive leadership
- Staying ahead of emerging cyber threats and recommending advanced technologies to future-proof our defenses

What We're Looking For:
- 5+ years of progressive experience in information security/cybersecurity, with proven leadership managing programs and teams (fintech, banking, or payments experience highly preferred)
- Deep knowledge of cybersecurity best practices, risk management, and compliance frameworks (PCI DSS, ISO 27001, SBP regulations)
- Hands-on experience with incident response, vulnerability management, secure SDLC, and security tools/controls
- Strong stakeholder collaboration skills and ability to communicate complex security concepts to technical and non-technical audiences
- Passion for fintech innovation and protecting customer trust in a digital-first world
- Relevant certifications (e.g., CISSP, CISM, CRISC, CEH) are a strong plus