Information Security Officer (ISO)

• Risk Management: Identify, assess, and prioritize potential security risks to our systems, data, and networks. Develop and implement strategies to mitigate these risks effectively.
• Security Policies and Procedures: Develop, implement, and enforce security policies, standards, and procedures to safeguard sensitive information and ensure compliance with relevant regulations (eg, GDPR, PCI DSS).
• Incident Response: Lead incident response efforts, including investigation, containment, and resolution of security incidents. Implement measures to prevent future occurrences.
• Security Awareness Training: Develop and deliver training programs to educate employees on security best practices, emerging threats, and compliance requirements.
• Vendor Risk Management: Assess the security posture of third-party vendors and manage vendor relationships to ensure they meet our security standards.
• Security Architecture: Collaborate with IT and engineering teams to design, implement, and maintain secure architectures for our systems, applications, and networks.
• Security Audits and Compliance: Conduct regular security audits, assessments, and compliance reviews. Work with internal and external auditors to address findings and ensure continuous compliance with industry standards.
• Security Monitoring and Incident Detection: Deploy and manage security monitoring tools and technologies to detect and respond to security threats in real-time.
• Security Governance: Establish and chair a security governance committee to oversee security initiatives, monitor performance, and provide strategic direction to senior leadership.
• Security Incident Reporting: Prepare and present regular reports on the status of information security to senior management and relevant stakeholders.

Must have:

• Bachelors degree in Computer Science, Information Technology, EXTC or a related field. Advanced degree or professional certifications (eg, CISSP, CISM, CISA) are good to have not mandatory.
• Proven experience 2 years in information security roles, with a focus on risk management, compliance, and incident response in the fintech or financial services industry.
• knowledge of security frameworks (eg, ISO 27001, NIST Cybersecurity Framework , Soc 2) and regulatory requirements (eg, GDPR, PCI DSS, PSD2).
• Strong understanding of networking, encryption, authentication, and security technologies.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and articulate complex security concepts to non-technical stakeholders.
• Analytical mindset with a keen attention to detail and the ability to think critically and strategically about security issues.
• Proven track record of driving security initiatives, managing security projects, and achieving measurable results