About the Company:
Our client, an exciting and rapidly growing Fintech, is seeking an experienced Information Security professional to support their international expansion. The ideal candidate should have a strong background in Information Security standards and an interest in working in the Fintech industry.
Responsibilities:
- Ensure that our security and compliance accreditations (GDPR, PCI DSS, ISO 9001, ISO 27001 and ISAE 3402) are achieved and maintained
- Identify the associated compliance control gaps and oversee the documentation, implementation and testing of the entire compliance control portfolio
- Develop and implement compliance control monitoring programs to ensure compliance-related risks are managed down to an acceptable level of residual risk.
- Implement and maintain a compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organisation.
- Work closely with key internal departmental stakeholders such as Product, Engineering, IT Infrastructure and Finance to achieve and maintain our security and compliance accreditations.
- Report the levels of compliance risk and control effectiveness to key stakeholders such as the Board, Suppliers, Legal management, Regulators, Internal/External auditors, etc.
- Coordinate audit-related tasks such as ensuring the readiness of managers and their organisations for audit testing and facilitating the timely resolution of any audit findings.
- Provide technological advice and insight on compliance requirements to non-IT leaders.
- Assist business and IT managers with the acquisition of tools and expertise to support compliance-related projects and initiatives.
- Execute a compliance training and awareness program that periodically educates the requisite end-user community on the relevant compliance requirements and certifies their adherence to the relevant compliance controls.
- Assist in business continuity planning and review.
- Deliver security awareness training for all employees and secure coding training for all developers.
Requirements:
- Excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- A strong understanding of the business impact of security tools, technologies and policies.
- In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Hands-on; able to see the holistic picture as well as dive into the details, and vice versa.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with all layers of the organisation.
- Project management and risk assessment skills.
- The ability to work effectively with internal key stakeholders.
- Proactive self-starter, capable of working with minimal supervision.
- Experience and/or a strong understanding of GDPR
- Experience and/or an understanding of operating system internals and network protocols.
- Experience and/or an understanding of application technology security testing.
- Experience and/or an understanding of system technology security testing (vulnerability scanning and penetration testing).
- CISA, CISM and/or CISSP Certifications.
- A minimum of five (5) years’ experience in an Information Security role.
- A minimum of five (5) years of IT experience.
- A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Experienced with ISO 27001 and PCI DSS.