The Information Security Director develops, shapes, and maintains Sycurio’s information security capability, driving the attainment and maintenance of the ISO27001, PCI-DSS, and SOC2 compliance. They are the subject matter expert on all things regarding security and compliance, owning the information risk management processes. They are the thought leader on all matters within the security and compliance domain such that the company remains secure against the ever-changing security threat and compliance landscape.
Information Security Strategy
1. Create and maintain the Company’s information security strategy, ensuring alignment with the Company’s overall strategy and business goals.
2. Work across internal and external stakeholders, communicating the information security strategy to relevant parties and providing assurance of policies, procedures, and systems.
3. Develop, maintain, and expand the information security management system (‘ISMS’) to optimise compliance for ISO27001, PCI-DSS, and SOC2.
4. Identify gaps in the information security capability, both technical and operational, and propose remediation and mitigation plans and solutions.
5. Responsible for the Company’s information security capability, ensuring it remains secure against an ever-changing threat landscape.
Operational Input
1. Contribute to design and architectural decisions and improve the approach to the Company’s threat modelling.
2. Lead on information security incidents and work directly with internal teams and external parties on containment and mitigation activities.
3. Execute threat simulations.
4. Assess emerging and potential security threats and act proactively to mitigate relevant threats.
5. Own end-to-end vulnerability management and manage the security toolset.
6. Act as the security “face” of Sycurio to its customers, suppliers, and auditors, supporting both in-life and sales engagements.
7. Manage and participate in the response to security questionnaires from customers and prospects.
Key Qualifications, Skills, Experience
Qualifications:
1. Bachelor's degree in Computer Science, Cybersecurity, or related field (Master's preferred).
2. Industry certifications such as CISSP, CISM, CISA, or equivalent.
Experience:
1. 10+ years of information security experience. Financial/Fintech services/payments desirable.
2. Deep knowledge of security frameworks (PCI, ISO 27001, NIST) and regulations (GDPR, CCPA).
3. Experience with PCI DSS compliance and implementation.
4. Proven success in managing external auditors to achieve positive outcomes.
5. Expert in information security with strong communication and stakeholder management skills.
6. Experience in managing security incidents and leading incident response.
7. Experience with security assessment tools and vulnerability management.
8. Strong vendor management and third-party risk assessment experience.
Skills:
1. Strong understanding of cloud security principles and best practices, particularly in AWS.
2. Solid understanding of payment processing systems and associated security controls.
3. Good communication and interpersonal skills, with the ability to communicate security-related matters effectively to technical and non-technical stakeholders (employees, customers, or partners).
4. Project management skills, with the ability to manage projects such as process implementation and improvement, and security systems implementation.
5. Ability to collaborate cross-functionally and influence stakeholders at all levels of the organisation.
6. Good knowledge of Dev(Sec)Ops and how to implement secure software development practices.