Deputy Director (Governance, Risk Assessment, and Compliance) (Contractual)

Educational Background:

• Bachelors (4 Years) in Computer Science/Information Technology/Cyber Security/Information Security Data Science/Artificial Intelligence or equivalent in a related field from an HEC recognized university(Degrees must be attested by HEC)

Job Location:

• Islamabad

Professional Experience:

• Minimum 6 to 10 years post-graduation experience, with at least 3 years in Governance, Risk Management, and Compliance roles.

• Well conversed with Gen AI tools and technologies to support and conduct GRC.

• Certification in ISO-27001, CISM,  CISA and CISSP will be preferred.

Responsibilities, Skills and Competencies:

• Lead compliance with ISO 27001, ISO 27701, ISO 22301, ISO 31000, NIST, SP 800/37, NIST CSF, NIST RMF, NIST AI RMF, PCI DSS, PKI/Web Trust Controls.

• Establish AI Governance Frameworks for AI/ML/Gen AI Systems.

• Develop controls for Responsible AI, Explainability, Model Risk Management, Bias Detection, Privacy Preservation.

• Manage AI risks including prompt infection, LLM data leakage, Shadow AI, AI supply chain risk.

• Solid understanding of security frameworks, such as ISO 27001, NIST, and CIS controls in the context of current and emerging threat landscape.

• Hands-on experience in scoping and conducting Information Security Audits.

• Staying current on best practices and technological advancements and acts as a technical resource for security assessment and compliance.

• Deep knowledge of information security principles, practices, and technologies, including understanding of threat landscapes, vulnerabilities, and attack vectors.

• Proficiency in risk assessment methodologies, risk identification, risk analysis, and risk mitigation strategies.

• Proficiency in IS Policy formulation, writing of SOP’s and instructions.

• Proficiency in conducting Audits as per ISO requirements and formulation of audit reports.

• Excellent communication skills, both written and verbal are important for conveying information security and compliance information to various stakeholders, including senior management and technical teams

Terms & Conditions:

1. Selected candidate will be hired on contract basis, with a 6-month probation period (extendable if required).

2. Management reserves the right to withhold/cancel the recruitment process, and accept/reject any application at any stage without assigning any reason.

3. Only shortlisted candidates will be called for test/interview.

4. Candidate shall be disqualified if false information is provided.

5. Employees serving in Government/Semi-Government departments must provide/attach No Objection Certificate (NOC) at the time of submission of application.

6. 5 years’ relaxation in age is already included in above age limit.

7. Selected candidate shall provide Medical Fitness and Character Certificates.

8. No TA/DA will be admissible.

9. Attested degrees from Higher Education Commission (HEC)/relevant regulatory bodies must be provided at the time of interview.

10. Females, Minority, Transgenders and Differently-abled candidates are encouraged to apply.

11. Electronic gadgets, mobile phones, smart watches etc. will not be allowed during test and interview.

12. The deadline for submission of application is  May 17 , 2026 and only online applications will be accepted. Application guide can be viewed under the Downloads section.

13.    For further details and to apply, please visit https://careers.nadra.gov.pk.