Information Security Officer (offline)

A security specialist with strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR, and PCI DSS), security operations and application security best practices. A versatile Security Officer, with experience working with public cloud, in particular, AWS and the AWS security services. Particular exposure to developing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards.

Responsibilities:


• Creating/maintaining an ISO27001 ISMS or PCI compliance project and operation.
• Performing Business Impact Analysis, risk assessment, and treatment.
• Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems.
• Perform response analytics during and after an incident, determine the root cause and proper mitigation of cybersecurity events.
• To remain up to date with the latest threats and vulnerabilities to ensure operational tools and processes are up to date, introduce process improvements and ensure incident response plans are up to date and effectively tested.
• Ensure that customer information and information systems are protected from unauthorized access/intrusion, use, disclosure, disruption, modification or destruction.
• Perform periodic internal audits against policies and procedures to ensure conformance.
• Participate and assist in external audit activities.
• Perform periodic audit, review and contribute to the continuous improvement of IT security standards, processes, and procedures.
• Knowledge of various technologies and operating systems and their related security configuration, hardening and risks, ie Linux/Unix, Mac OS, Containers, Office 365, etc.
• Deliver Information Security and awareness training programs.

Requirements:

• 5+ years experience in the payments industry required; mobile payment solutions preferred
• 3+ years experience with modern technology stacks, including cloud, big data, microservices, APIs, etc.
• 3+ years experience with mobile products and their UX/UI design and enhancement
• Strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR, and PCI DSS)
• Expertise in security technologies, systems, and applications
• Strong knowledge of security services and processes
• Professional Information Security Certification (CISM, CISSP)
• Excellent problem-solving and analytical skills
• Ability to educate a non-technical audience about various security measures
• Strong business English communication skills, oral and written