PayTabs Global
Information Security Manager
PayTabs Global, United Arab Emirates, 14 hours ago
Full-time, Information Technology

Essential Functions

  1. Develop and maintain the GRC framework, ensuring IT operations align with internal policies, regulatory requirements, and industry standards, and that compliance is maintained.
  2. Lead the establishment and ongoing development of a Security Operations Center (SOC). Oversee regular security assessments, vulnerability management, and patch management. Manage real-time security threats and incidents to identify and quarantine threats.
  3. Lead and develop the information security strategy, ensuring alignment with business objectives and a proactive approach to securing the organization's assets.
  4. Lead the process, assessment, and implementation of annual PCI DSS certification, and oversee compliance with other relevant standards.
  5. Coordinate and conduct periodic vulnerability and penetration testing exercises.
  6. Coordinate with other departments and address their requirements regarding security compliance.
  7. Provide security awareness & secure code training.
  8. Recommend and ensure the implementation of defensive functions (e.g., encryption, access control, and identity management) to reduce systems exploitation opportunities.
  9. Provide recommendations for security gaps mitigation.
  10. Evaluate and recommend new security technologies that can enhance company information security.
  11. Manage incident response (IT / Information Security) and support systems.
  12. Conduct IT Risk assessments (infrastructure, applications, cloud, and endpoints) and maintain the IT risk Register, ensuring timely mitigation and reporting.
  13. Define and monitor IT Key Risk Indicators (KRIs) and report trends to management.
  14. Monitor & review firewall rules and configuration.
  15. Respond to security breaches and network emergencies as necessary.
  16. Document all support and maintenance activities in accordance with internal policies.
  17. Assist in the development, testing, and maintenance of the organization’s business continuity and disaster recovery plans from a security perspective.
  18. Conduct security due diligence on third-party vendors and partners; evaluate contractual terms and SLAs to ensure security requirements are met.


Preferred Education and Experience

  1. Bachelor’s degree in computer science or equivalent.
  2. At least 7 years of experience in information security, security engineering, or similar roles.
  3. A security certification such as CISSP, CISM, OSCP, CEH, Security+, or CCNA is a plus.
  4. Previous experience working in a payment gateway or banking facility is a plus.


Competencies

  1. Strong knowledge of penetration testing and vulnerability assessment, using industry-standard tools and methodologies.
  2. Good experience in at least one of the following programming or scripting languages: PHP, Java, or Go.
  3. Good experience in bash scripting.
  4. Good experience in code review, with the ability to identify and remediate code-level vulnerabilities.
  5. Implementation experience with security solutions such as: WAF, IPS, SIEM, LDP.
  6. Good knowledge of the OWASP Top 10 application security risks and their mitigation techniques.
  7. Good knowledge of the PCI DSS standard and experience participating in audits and remediation processes.
  8. Knowledge of mobile application security assessment.
  9. Strong knowledge of internet standards and protocols including TCP/IP.
  10. Strong skills in information security governance, including policy development, procedure writing, and risk documentation.


Roles and Key KPIs

  1. Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents.
  2. Number of critical/high vulnerabilities identified and remediated.
  3. Compliance score with PCI DSS and internal audits.
  4. Completion rate for security awareness training.
  5. Frequency and impact rating of information security incidents.
