Risk, Compliance & Application Security Expert

MINDPICKED is a new generation recruitment firm providing companies with tailored talent solutions, and professionals with the right opportunities to reach their potential.

We specialize in middle and senior management recruitment across various industries and countless functions.

We are currently seeking a "Risk, Compliance & Application Security Expert" for our client, a software development company providing e-commerce infrastructure solutions.

Key Responsibilities:

• Manage and maintain PCI DSS (Service Provider Level 1) and ISO 27001 compliance and certification processes,
• Identify and analyze security vulnerabilities, and propose effective technical and organizational controls,
• Plan and coordinate penetration tests and monitor remediation progress,
• Perform regular vulnerability assessments using tools such as Nessus, Qualys,
• Conduct risk assessments and develop corrective action plans,
• Monitor and report using SIEM and GRC tools,
• Prepare documentation for internal and external audits,
• Promote internal security and compliance awareness across teams.

Qualifications:

• Strong understanding of PCI DSS and ISO 27001 frameworks,
• Experience with vulnerability scanning tools (e.g., Nessus, Qualys) and SIEM platforms,
• Familiarity with GRC systems and compliance reporting processes,
• Ability to independently lead and manage security and compliance workflows,
• Effective coordination and communication skills across software, infrastructure, and audit teams,
• Proactive approach to building internal awareness and supporting security culture,
• Excellent skills in documentation, audit preparation, and risk analysis,
• Strong command of spoken and written English,
• Preferred certifications: OSCP, CEH, ISO 27001 Lead Auditor, CISA.