InfoSec Officer

We are seeking a proactive and experienced Information Security Officer (ISO) to lead our efforts in protecting sensitive information, ensuring compliance, and building a robust cybersecurity culture.

1. Strategy & Governance:

   • Develop and maintain the company's information security policies, standards, and guidelines.
   • Create and implement a comprehensive cybersecurity strategy aligned with business goals.
   • Act as the primary advisor to senior leadership on cybersecurity risks and mitigation strategies.

2. Risk Management:

   • Identify, assess, and mitigate security risks across the organization.
   • Conduct regular risk assessments and vulnerability testing.
   • Ensure compliance with regulatory requirements (e.g., GDPR, PCI DSS, SOC 2, ISO 27001).

3. Incident Response:

   • Lead efforts to respond to security breaches and incidents, minimizing impact and ensuring a swift recovery.
   • Establish and manage an incident response plan, including regular tabletop exercises.

4. Technology & Operations:

   • Oversee security operations, including firewalls, intrusion detection systems, endpoint security, and SIEM tools.
   • Partner with IT to implement secure architecture and configurations.
   • Ensure data encryption and secure storage of sensitive customer information.

5. Training & Awareness:

   • Develop and deliver security awareness training for employees to foster a security-conscious culture.
   • Communicate complex security concepts to non-technical audiences effectively.

6. Vendor Management:

   • Assess and manage the security posture of third-party vendors and partners.
   • Conduct due diligence on vendors and ensure adherence to contractual security requirements.

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 5+ years of experience in information security, including leadership roles.
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001).
• Experience with regulatory compliance and industry standards (e.g., GDPR, PCI DSS).
• Hands-on experience with security tools such as firewalls, IDS/IPS, and endpoint protection.
• Strong analytical and problem-solving skills.

• Relevant certifications such as CISSP, CISM, CEH, or CISA.
• Experience in the fintech or financial services industry.
• Knowledge of secure software development practices and DevSecOps principles.

• Competitive salary and benefits package.
• Flexible work arrangements (in-office, remote, or hybrid).
• Professional development opportunities, including certifications and training.
• A chance to make a meaningful impact in a fast-growing company