Information Security Officer

About the position

Information Security Officer

Maintain Operational Systems, Networks and Security

• Facilitate annual PCI audits and ensure ongoing compliance.

• Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.

• Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.

• Troubleshoot system issues across all technology stacks including production/QA environments, databases, networks, and integrations.

• Deploy and manage tooling to enhance operations, security, and efficiency.

• Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.

• Develop Python scripts and tools to automate repetitive tasks.

AWS Cloud Infrastructure

• Securely architect and manage AWS services, including but not limited to:

  • VPC, EC2, ECS/Fargate, ECR

  • GuardDuty, CloudWatch, CloudTrail

  • Load balancers, VPNs, and WAFs

• Maintain robust connectivity between third parties, banking partners, and on-premises data centres.

• Implement and enforce best practices in system isolation, scope reduction, and security.

Hardware Security Modules (HSM)

• Support field engineers and maintain internal HSMs (Futurex, Thales).

• Conduct key management ceremonies and maintain PCI compliance.

Security Governance & Compliance

• Assist with audits and regulatory requirements including:

  • PCI-DSS & PCI+PIN

  • ISO 27001 (Stretch goal)

  • GDPR

• Maintain accurate and current documentation of infrastructure, procedures, and security policies.

• Promote a security-aware culture within the company.

Automation & Efficiency

• Implement automation to enhance both infrastructure and security management.

• Optimise costs while maintaining high security and performance standards.

Security Monitoring & Reporting

• Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA.

• Review and sign off on daily/weekly PCI business-as-usual activities.

• Analyse data and report security metrics monthly.

• Collaborate with 3rd parties to complete and pass PCI certification audits.

• Review and uphold The Companys security commitments to external partners.

What Were Looking For

Qualifications & Experience

• Bachelors degree in Computer Science, Information Security, or related field.

• At least 3 years relevant experience in security or infrastructure roles.

• Experience in the payments or banking sector preferred.

• Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.

Skills & Knowledge

• Strong understanding of PCI-DSS requirements and security standards.

• Hands-on experience with:

  • Linux (security patching, system administration)

  • MySQL

  • AWS services and virtual networking (VPC, ALB/NLB, WAF, VPNs, etc.)

  • Automation tools: CloudFormation, Ansible, Puppet, Chef

  • CI/CD: Bitbucket Pipelines, Jenkins

  • Scripting: Bash, Python

  • Containers: Docker, Kubernetes, ECS

  • Monitoring: Zabbix, Nagios

  • Logging & SIEM: ELK Stack, CloudWatch, Elastic, Splunk

Place of work