8 Cybersecurity Jobs at National Bank of Pakistan NBP Karachi 2026

About the Organization

The National Bank of Pakistan (NBP), one of the country's leading and largest commercial banks, has announced major career opportunities within its Risk Management division. NBP aims to support the financial well-being of the nation while transforming the institution into a future-fit, agile, and sustainable organization.

Applications are invited from talented, dedicated, and experienced professionals for multiple high-level Information Security and IT Risk positions based in Karachi. All roles are on a three-year renewable contract basis based on management discretion, offering competitive market-aligned compensation packages.

Job Advertisement Overview

• Organization: National Bank of Pakistan (NBP)
• Location: Karachi, Pakistan
• Job Type: Contractual Basis (3 Years - Renewable)
• Sector: Banking / Government / Information Security
• Publication Date: May 24, 2026
• Last Date to Apply: June 03, 2026 (Within 10 working days of publication)

Detailed Positions, Qualifications & Scope of Work

1. Department Head – IS Trainings (AVP / VP)

• Reporting To: Wing Head – IS Program Management
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 08 years of experience in Information Technology and / or Information Security, out of which 03 years must be in a relevant area of Information Security Management and / or Trainings.
• Other Skills / Expertise / Knowledge Required:
• Good knowledge of Information Security functions.
• Well-versed with SBP guidelines regarding Information Security.
• Excellent interpersonal and people management skills.
• Ability to design and deliver engaging training programs.
• Experience with training software and tools.
• Outline of Main Duties / Responsibilities:
• Lead the design, development, and delivery of information security training programs.
• Liaison with staff colleges for the implementation of information security training programs and scheduling of IS-related trainings.
• Develop and implement a comprehensive information security training strategy.
• Mentor and manage a team of information security officers.
• Conduct needs assessments to identify training requirements.
• Collaborate with other departments to integrate information security training into existing training programs.
• To plan, monitor, and manage the information security training budget.
• Track and report on training metrics and effectiveness.
• Stay up-to-date with industry trends and best practices in information security training.
• Perform any other assignment as assigned by the supervisor(s).

2. Department Head – Threat Management (AVP / VP)

• Reporting To: Wing Head – Information Security Operations and Threat Management
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 08 years of experience in Information Technology and / or Information Security, out of which 03 years must be in Information Security Operations / Monitoring and / or Threat Management. Candidates having relevant working experience in banking or large-scale organizations will be preferred.
• Other Skills / Expertise / Knowledge Required:
• Good knowledge of Information Security functions.
• Well-versed with SBP guidelines regarding Information Security.
• Good interpersonal and people management skills.
• Understanding of incident management, cyber security monitoring, and detection tools.
• Outline of Main Duties / Responsibilities:
• Protect the whole infrastructure devices and public-facing assets from emerging threats and vulnerabilities affecting the organization from across the world so the organization can proactively protect against them.
• Track and provide information on global security threats and help the organization mitigate relevant risks on a continuous and proactive basis.
• Conduct continuous monitoring of global threats and vulnerabilities to tackle evolving threats and vulnerabilities – 24*7*365.
• Provide trusted, detailed reports on newly discovered malicious threats and malware in the wild.
• Detail the threat with information appropriate to the organization, such as the asset types, risk involved, and systems affected.
• Provide early warning and summaries of the threat and exploit parameters.
• Define mitigation strategies and provide recommendations for the organization to prevent the threat from causing harm to the environment.
• Prevent infiltration of malicious hackers and other communities.
• Monitor network activities and discern risks to the organization's environment.
• Provide advice/advisories to the organization on relevant threats and vulnerabilities.
• Ensure threats and vulnerabilities are mitigated in organization's systems and provide inputs to long-term strategy/plans.
• Ensure continuous tracking of dashboards for management reporting.
• Assist the organization in taking relevant decisions and assessment of inherent and residual risk.
• Lead and conduct Red Teaming and VA/PT exercises.
• Perform any other assignment as assigned by the supervisor(s).

3. Department Head – Database Security (AVP / VP)

• Reporting To: Wing Head – Application & Database Security
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 08 years of experience in Information Technology and / or Information Security, out of which 03 years must be in database management and / or monitoring and / or security implementation.
• Other Skills / Expertise / Knowledge Required:
• Well-versed with SBP guidelines regarding Information Security.
• Excellent interpersonal and people management skills.
• Knowledge of performing control assessments of business applications, processes, and IT solutions.
• Outline of Main Duties / Responsibilities:
• Review database security architecture and recommend controls.
• Perform Information Security Risk / vulnerability assessment of databases and suggest their remediation.
• Conduct due diligence and security baselining of new databases and technologies.
• Develop and manage the database security program and recommend secure configurations of databases.
• Coordinate with internal / external teams to implement database monitoring solutions to improve security.
• Utilize database tools/software to manage, monitor, secure, and improve database systems security.
• Analyze reviews of different database solutions and provide technical guidance to improve overall security.
• Design and support implementation and maintenance of database monitoring solutions (e.g., IBM Guardium, Oracle Vault, Database Firewall, Imperva, etc.).
• Monitor and generate periodic status dashboards for management reporting.
• Identify, evaluate, and recommend tools for automation and handling of Information Security controls.
• Assist supervisor and IT staff in managing cyber defense at the data/auth layer.
• Assist supervisor and IS / IT staff in ensuring that related audit findings are timely closed.
• Perform any other assignment as assigned by the supervisor(s).

4. IS Applications / Cloud Security Reviewer (OG-I / AVP)

• Reporting To: Department Head – IS Digital Channels
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 04 years of experience in Information Technology and / or Information Security, out of which 02 years must be in application security and / or cloud security or related field.
• Other Skills / Expertise / Knowledge Required:
• Good knowledge of Information Security functions.
• Sound interpersonal, analytical, and problem-solving skills.
• Team player with ability to prioritize and meet strict deadlines.
• Knowledge of security principles, threat analysis, and risk management.
• Outline of Main Duties / Responsibilities:
• Perform in-depth security reviews of applications and cloud services to identify security weaknesses and vulnerabilities.
• Conduct threat modeling and risk assessments to determine potential impact and likelihood of security threats.
• Collaborate with development teams to ensure secure coding practices and implement security controls.
• Review and assess cloud service providers' security controls and compliance with industry standards.
• Develop and maintain application and cloud security standards, procedures, and guidelines.
• Stay up-to-date with emerging threats, technologies, and industry trends in application and cloud security.
• Participate in application development and deployment projects to ensure secure development and deployment practices.
• Conduct security testing and validation to ensure effectiveness of security controls.
• Identify and report security incidents and vulnerabilities to management and relevant stakeholders.
• Develop and maintain documentation on security policies, procedures, and standards.
• Ensure compliance with industry regulations and standards.
• Provide training and awareness programs for development and operations teams on application and cloud security best practices.
• Perform any other assignment as assigned by the supervisor(s).

5. Technology Integration Manager (OG-I / AVP)

• Reporting To: Department Head – SOC Engineering
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering recognized by the HEC / any other relevant professional certification(s) will be preferred.
• Experience: Minimum 04 years of experience in Information Technology and / or Information Security, out of which at least 02 years must be in security technology integration and / or a related field.
• Other Skills / Expertise / Knowledge Required:
• Good knowledge of Information Security functions and frameworks.
• Sound interpersonal, analytical, and problem-solving skills.
• Strong team player with the ability to prioritize tasks and meet strict deadlines.
• Experience with various security technologies and SOC operations.
• Ability to communicate effectively with cross-functional teams and stakeholders.
• Familiarity with industry standards and best practices in Information Security (e.g., ISO 27001, NIST) will be an added advantage.
• Outline of Main Duties / Responsibilities:
• To lead the integration of Information Security / SOC tasks with solving enterprise systems and infrastructure.
• To ensure seamless data flow, interoperability, and secure communication between different security systems.
• To identify, analyze, and resolve architectural and integration-related issues within the Information Security ecosystem.
• Collaborate with IT Architecture and relevant teams to design and implement scalable, secure, and efficient solutions.
• To conduct periodic assessments of system architecture and recommend improvements for security posture enhancement.
• To monitor and maintain the health, performance, and availability of integrated systems.
• To perform routine system checks, upgrades, patches, and maintenance activities to ensure system reliability and security compliance.
• Act as a point of contact for integration and system issues promptly, and ensure minimal downtime.
• To plan, coordinate, and execute integration projects in line with defined timelines and organizational objectives.
• Track project progress and functional teams to ensure timely achievement of project milestones and deliverables, and to prepare and present status reports to stakeholders.
• To liaison with internal and external stakeholders to understand requirements, provide technical expertise, and ensure alignment with business needs.
• To foster strong working relationships and ensure effective communication across all relevant functions.
• To develop and maintain comprehensive documentation for all integration processes, configurations, and system architectures.
• To provide training, guidance, and ongoing support to team members on integrated systems and best practices.
• To ensure all integrations comply with internal policies, regulatory requirements, and information security standards.
• To perform any other assignment as assigned by the supervisor(s).

6. Threat Researcher (OG-I / AVP)

• Reporting To: Department Head – Threat Management
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 04 years of experience in Information Technology and / or Information Security, out of which at least 02 years must be in Information Security Operations and / or Digital Forensics.
• Other Skills / Expertise / Knowledge Required:
• Good knowledge of Information Security functions.
• Sound interpersonal, analytical, and problem-solving skills.
• Team player with ability to prioritize and meet strict deadlines.
• Knowledge of incident management, cyber security monitoring, and detection tools.
• Outline of Main Duties / Responsibilities:
• To responsible for organization-wide threat hunting, threat detection, handling, and response.
• Conduct in-depth research and analysis in various cyber security domain areas.
• To establishing attack baselines and using threat research results to operationalize findings into security analytics and detections.
• Responsible for brainstorming threats, and designing additional detection capabilities.
• To researches and advances theories, techniques, and approaches to secure computer, cyber resiliency, cyber defense, and analysis.
• Provide documentation on produced cyber intrusions and document findings.
• To enhance understanding of tools and malware through reverse engineering.
• To produce high-quality, actionable intelligence reporting.
• To communicating technical information to non-technical stakeholders, such as the detection of malicious activity.
• To responsible for identifying security inventiveness and standards.
• To perform any other assignment as assigned by the supervisor(s).

7. Officer Information Security Review (OG-II / OG-I)

• Reporting To: Wing Head – IS Risk Management
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 03 years of experience in Information Technology and / or Information Security, preferably in information security reviews.
• Other Skills / Expertise / Knowledge Required:
• Understanding of Information Security functions.
• Good interpersonal skills.
• Team player with ability to prioritize and meet strict deadlines.
• Awareness of cyber security monitoring and detection tools.
• Outline of Main Duties / Responsibilities:
• To assess architecture and components of web applications for vulnerabilities.
• To recommend remediation strategies in line with SBP and international standards.
• To provide expertise on internet-based threats including phishing, scams, and financial fraud.
• Source threat feeds and industry alerts relevant to the banking sector.
• To maintain and updates incident response and recovery plans for web security.
• To document security controls and procedures for audit and compliance purposes.
• To assist in establishing and enforcing security protocols and technical controls.
• To support secure configuration and hardening of systems and applications.
• Participate in development and testing phase of security limiting tools.
• To coordinate with development teams to address identified vulnerabilities.
• To analyze security incidents, identify root causes, and support resolution efforts.
• Document findings and recommended preventative measures.
• To verify security configurations against new SBP regulations and global standards.
• Conduct risk assessments based on internal audits or external threat intelligence.
• To work with Risk, Compliance, and Audit teams to ensure string web security governance.
• To support awareness and training initiatives across departments.
• To perform any other assignment as assigned by the supervisor(s).

8. Network Security Analyst (OG-II / OG-I)

• Reporting To: Department Head – Network Security
• Educational/Professional Qualification: Minimum Graduation or equivalent from a local or international university/college/institute recognized by the HEC. Candidates having Bachelors or Masters degree in Computer Science / Information Systems / Information Technology / Technology Engineering or any other relevant professional certification(s) will be preferred.
• Experience: Minimum 03 years of experience in Information Technology and / or Information Security, out of which 02 years must be in the relevant area of Network Security Management / Implementation / Assessment.
• Other Skills / Expertise / Knowledge Required:
• Understanding of Information Security functions.
• Good interpersonal skills.
• Team player with ability to prioritize and meet strict deadlines.
• Awareness of cyber security monitoring and detection tools.
• Outline of Main Duties / Responsibilities:
• To develop and facilitate implementation of infrastructure security policies, protocols, and standards.
• To review security architecture and recommend controls for the protection of IT infrastructure.
• To conducting regular security assessments and reviews to identify vulnerabilities and potential weaknesses within the network.
• To communicate with management and other stakeholders about network security risks and incidents, as well as strategies for mitigating those risks.
• To be the security point of contact for all levels, from technical engineers to senior management.
• To maintain and manage infrastructure security changes & request reviews.
• To conduct security assessments for infrastructure requests & changes.
• To staying up-to-date with the latest security technologies and trends to identify new security opportunities and challenges.
• To network security analysts should have a strong understanding of networking protocols, as well as experience with security tools and technologies.
• They must possess strong analytical ability to detect security threats and vulnerabilities.
• They analyze network traffic and use specialized tools to identify potential security breaches.
• To identify of security vulnerabilities and assist in the formulation of mitigation plans.
• To set policy & best security practices for partners and 3rd party integrations.
• To perform security analysis of assets and infrastructure security incidents.
• To managing the daily operation and implementation of the infrastructure security strategic initiatives.
• To prepare and maintain various cyber security reports, including KPIs and KRIs.
• To act as point of contact to security issues, responses to external stakeholders reporting and requests.
• To perform daily duties such as security analysis, controls audit, and assessments.
• To perform infrastructure test run, produce testing documentation and related reports.
• To assist Department Head in managing cyber defense at IT Infrastructure level.
• To assist Department Head in ensuring that related audit findings are timely closed.
• To perform any other assignment as assigned by the supervisor(s).

Selection & Employment Framework

• Assessment Criteria: Only shortlisted candidates matching the basic eligibility criteria outlined above will be invited for subsequent test and/or panel interview(s).
• Employment Type: 3-year contract basis, subject to renewal under the bank's operational policies.
• Equal Opportunity Policy: National Bank of Pakistan is an equal opportunity employer and welcomes applications from all qualified individuals regardless of gender, religion, or disability.
• TA/DA: No TA/DA will be admissible for any candidate appearing for tests or interviews.

How to Apply Online for NBP Jobs 2026

Eligible information security professionals must route their profiles through NBP's dedicated corporate testing partner web portal:

1. Online Career Link: Visit the official corporate career processing engine at www.sidathyder.com.pk/careers.
2. Form Submission: Locate the NBP Risk Management opportunities section, choose your matched job title, fill out the qualification matrices completely, and upload your high-resolution resume.
3. Application Deadline: All entries must be finalized within 10 working days of the news print publication, setting the strict deadline to June 03, 2026.

Expert Advice for Applicants

• Cross-Reference State Bank Regulations: For the senior slots (Department Heads & Reviewers), State Bank of Pakistan (SBP) cybersecurity regulations and frameworks are heavily stressed in the core duties. Ensure your CV summary explicitly notes your practical history implementing or auditing compliance protocols under SBP's Information Security guidelines.
• Match Specific Security Tools: If you are targeting the Database Security track, ensure specialized database protection suites like IBM Guardium, Oracle Vault, or Imperva are listed under your technical skills inventory block. Doing so maps directly to the system's tracking criteria.
• Track Reporting Roles Correctly: Pay attention to the "Reporting To" hierarchies highlighted in the criteria. Tailor your resume descriptions to show how you have historically communicated high-risk structural exposures directly up to higher corporate governance entities (e.g., Wing Heads, CISO offices).