You will report directly to the CEO, collaborate closely with the Engineering team, and be responsible for the information security framework and roadmap, prioritising the initiatives to be implemented.
Key points that a candidate MUST have:
- Payments and PCI experience
- Governance, Risk & Compliance
- Strong hands-on technical experience
- Strong Cloud experience
What you’ll be doing…
- Lead the information and cyber security efforts from a governance, risk and compliance perspective.
- Drive the awareness and adoption of the desired cyber security culture and behaviours through a growing organisation
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) as our platform undergoes development and integrates with third parties
- Collaborate with our Security Engineer to perform security analysis of the AWS cloud architecture and other assets.
- Facilitate internal and external security audits to ensure mandatory certifications are maintained (PCI-DSS) and achieved (ISO 27001).
- Provide input into proposals and RFP responses to address information security requirements
- Engage with our customers and provide responses to their security queries.
- Perform internal cyber security assurance activities
- Assess the effectiveness of security controls
- Oversee security and compliance remediation work.
- Ensure that information and cyber security standards, policies, and procedures reflect best practices and are relevant, accessible, understood and followed
- Plan and deliver security training for all staff.
- Provide coaching and mentoring in all aspects of security
What you will bring...
- Experience working within a PCI-DSS or ISO 27000 compliance based organisations.
- Experience in Governance, Risk and Compliance tools
- Understanding of Cyber Security risk management
- Experience in conducting security compliance and assurance activities in a cloud based (AWS) architecture.
- Understanding of cyber security industry best practices such as ISO 27001, PCI-DSS, NIST CSF
- One or more of CISSP, CISM, CCSP.
- Demonstrated ability to apply security frameworks, policies and standards.
Nice to have…
- Cyber and Information Security Consulting
- System Architecture
- Payment processing
- Security tools
- Mobile application development security best practices
- Open Web Application Security Project
- Disaster recovery, technologies and methods.
What's in it for you?
This is a fast growing organisation with lots of career opportunities and the ability to drive an excellent career pathway.
To learn more and have access to a more complete job description listing the full responsibilities, please apply by sending your CV via the big button below