Information Security Officer

Information Security Officer

Maintain operational systems, networks, and security. Facilitate annual PCI audits and ensure ongoing compliance.

Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.

Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.

Troubleshoot system issues across all technology stacks, including production/QA environments, databases, networks, and integrations.

Deploy and manage tooling to enhance operations, security, and efficiency.

Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.

Develop Python scripts and tools to automate repetitive tasks.

AWS Cloud Infrastructure: Architect and manage AWS services, including VPC, EC2, ECS/Fargate, ECR, GuardDuty, CloudWatch, CloudTrail, load balancers, VPNs, and WAFs. Maintain robust connectivity with third parties, banking partners, and on-premises data centers.

Implement and enforce best practices in system isolation, scope reduction, and security.

Support field engineers and maintain internal Hardware Security Modules (HSMs) such as Futurex and Thales.

Conduct key management ceremonies and maintain PCI compliance.

Security Governance & Compliance

Assist with audits and regulatory requirements, including PCI-DSS, PCI+PIN, ISO (stretch goal), GDPR.

Maintain accurate and current documentation of infrastructure, procedures, and security policies.

Promote a security-aware culture within the company.

Automation & Efficiency

Implement automation to enhance infrastructure and security management.

Optimize costs while maintaining high security and performance standards.

Security Monitoring & Reporting

Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA.

Review and sign off on daily/weekly PCI business-as-usual activities.

Analyze data and report security metrics monthly.

Collaborate with third parties to complete and pass PCI certification audits.

Review and uphold the company's security commitments to external partners.

Qualifications & Experience

Bachelor's degree in Computer Science, Information Security, or related field.

At least 3 years of relevant experience in security or infrastructure roles.

Experience in the payments or banking sector is preferred.

Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.

Skills & Knowledge

Strong understanding of PCI-DSS requirements and security standards.

Hands-on experience with Linux (security patching, system administration), MySQL, AWS services, and virtual networking (VPC, ALB/NLB, WAF, VPNs).

Automation tools: CloudFormation, Ansible, Puppet, Chef. CI/CD: Bitbucket Pipelines, Jenkins. Scripting: Bash, Python. Containers: Docker, Kubernetes, ECS. Monitoring: Zabbix, Nagios. Logging & SIEM: ELK Stack, CloudWatch, Elastic, Splunk.