Applications are invited for the post of General Manager Cyber Security at National University of Sciences & Technology (NUST).
Department: Information & Communication Technologies Dte
Institute: University Main Office (UMO)
Age Limit: 26 - 50 years
Salary: 229000
Key Responsibilities:
The General Manager (Cybersecurity) provides strategic leadership for NUST’s cybersecurity program, ensuring protection of information assets,
continuity of digital services, and compliance with applicable standards and regulatory requirements. The role is accountable for cybersecurity
governance, risk management, incident readiness and response oversight, and continuous improvement of security controls across people,
process, and technology.
- Develop and execute the institution’s cybersecurity strategy, roadmap, and operating model aligned with NUST objectives and risk appetite.
- Lead and govern core cybersecurity functions (SOC, CERT/Incident Response, GRC, VAPT, security architecture) to ensure consistent service delivery and measurable outcomes.
- Establish and maintain cybersecurity policies, standards, and procedures; ensure alignment with recognized frameworks (e.g., ISO 27001, NIST, CIS Controls) and institutional requirements.
- Own enterprise cybersecurity risk management: identify, assess, prioritize, and track remediation of security risks across networks, systems, applications, and data.
- Oversee SOC monitoring and incident management to ensure timely detection, investigation, containment, and post incident reviews; maintain incident response plans and playbooks.
- Drive vulnerability management and penetration testing programs, ensuring risk based remediation and verification of fixes.
- Lead security-by-design engagement with ICT and business stakeholders, including review of architectures, projects, and third party services.
- Manage cybersecurity budget, procurement, vendor performance, and service contracts; recommend investments based on risk reduction and operational needs.
- Build and lead high performing teams through workforce planning, mentoring, performance management, and capability development.
- Report cybersecurity posture, KPIs/KRIs, and key risks to senior leadership; coordinate with external stakeholders (regulators, law enforcement, industry bodies) as required.
Required Skills:
Knowledge/ Skills/ Abilities
Essential
· Strong understanding of enterprise cybersecurity, security operations, incident response, and vulnerability management.
· Ability to establish governance, policies, standards, and security operating procedures across an organization.
· Working knowledge of leading security frameworks and standards (ISO 27001, NIST, CIS Controls) and audit/compliance practices.
· Strong stakeholder management and communication skills, including reporting KPIs/KRIs and key risks to senior leadership.
· Experience with security program management, budgeting, procurement, and vendor/contract management.
Desirable
· Experience in establishing/maturing an enterprise cybersecurity program (e.g., ISO 27001 implementation, SOC tooling and processes, security awareness program, and security assurance for cloud/third‑party services).
· Exposure to cloud security, identity and access management (IAM), and data protection controls.
· Familiarity with digital forensics concepts and crisis management/communications practices.
Eligibility / Qualification Required:
Qualification:Essential Qualifications
16-year bachelor’s degree in Computer Science, Information Technology, Software Engineering, Information Security, or a related discipline from a reputable HEC recognized University or Institute.
Preferably with exceptional certifications and demonstrated senior leadership experience.
Desirable Qualifications
Master’s (18-year) in Information Security/Cybersecurity/Computer Science or equivalent; additional training in leadership, governance, or risk management.
Experience:
Essential Experience
Minimum 12 years of progressive experience in cybersecurity/IT security, with exposure to security operations, governance, risk, or enterprise security initiatives.
Desirable Experience
12+ years post-qualification experience, including managing teams and cybersecurity programs (e.g., SOC/CERT, GRC, audits, vulnerability management) and coordinating with senior stakeholders.
General Conditions:
Candidates are required to attach scanned copies of their documents (Academics / Professional). Last education certificate/degree must be attested/verified by HEC.
Candidates may be considered ineligible for the post due to any of the following reasons:
- 3rd Div in academic career / weak academic profile.
- NUST employees with less than one year of service with NUST and / or absence of NOC from Head of Institution.
- In process of pursuing a required degree.
- Medically unfit.
- Only selected candidates will be contacted and issued offer letter.
- Candidates serving in Govt departments, Armed forces may apply through their respective parent department / organizations.
Late / incomplete applications will be ignored. Only short-listed candidates will be considered / called for test / interview and no TA / DA will be admissible. NUST reserves the right to cancel, modify / terminate the recruitment program due to any reason, without notice, at any time
How to Apply:
Candidates must apply online through the NUST official recruitment portal.
Official Application Link:Apply Here