Information Security Officer

Role Overview Information Security Officer Maintain Operational Systems, Networks and Security Responsibilities Facilitate annual PCI audits and ensure ongoing compliance.

Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.

Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.

Troubleshoot system issues across all technology stacks including production / QA environments, databases, networks, and integrations.

Deploy and manage tooling to enhance operations, security, and efficiency.

Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.

Develop Python scripts and tools to automate repetitive tasks.

AWS Cloud Infrastructure : Securely architect and manage AWS services, including but not limited to : VPC, EC2, ECS / Fargate, ECR; GuardDuty, CloudWatch, CloudTrail.

Load balancers, VPNs, and WAFs.

Maintain robust connectivity between third parties, banking partners, and on-premises data centres.

Implement and enforce best practices in system isolation, scope reduction, and security.

Hardware Security Modules (HSM) : Support field engineers and maintain internal HSMs (Futurex, Thales).

Conduct key management ceremonies and maintain PCI compliance.

Security Governance & Compliance : Assist with audits and regulatory requirements including PCI-DSS & PCI+PIN, ISO (Stretch goal), GDPR.

Maintain accurate and current documentation of infrastructure, procedures, and security policies.

Promote a security-aware culture within the company.

Automation & Efficiency : Implement automation to enhance both infrastructure and security management; optimise costs while maintaining high security and performance standards.

Security Monitoring & Reporting : Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA; review and sign off on daily / weekly PCI business-as-usual activities; analyse data and report security metrics monthly; collaborate with 3rd parties to complete and pass PCI certification audits.

Review and uphold The Companys security commitments to external partners.

Qualifications & Experience Bachelors degree in Computer Science, Information Security, or related field.

At least 3 years relevant experience in security or infrastructure roles.

Experience in the payments or banking sector preferred.

Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.

Skills & Knowledge Strong understanding of PCI-DSS requirements and security standards.

Hands-on experience with : Linux (security patching, system administration), MySQL, AWS services and virtual networking (VPC, ALB / NLB, WAF, VPNs, etc.).

Automation tools : CloudFormation, Ansible, Puppet, Chef.

CI / CD : Bitbucket Pipelines, Jenkins.

Scripting : Bash, Python.

Containers : Docker, Kubernetes, ECS.

Monitoring : Zabbix, Nagios.

Logging & SIEM : ELK Stack, CloudWatch, Elastic, Splunk.