If you're looking for a unique opportunity to be part of an InfoSec organization with the oversight to design and implement Payroc's growth and industry-changing strategic objectives - read on.
At Payroc, we're building the next generation of capabilities that powers our merchant-first ecosystem. The radical and responsible delivery of value is our mandate. We believe that focused and empowered teams can do great things. You'll find that we're a curious, driven, and pragmatic bunch who believe in outcomes over outputs, and we're looking for like-minded individuals to join us on our journey.
What we're obsessive about:
- Small teams, big things: We'll convey the outcomes our merchants require, provide you with the support and tools to succeed, and then we let you work your magic, with no needless processes to get in your way.
- Develop, grow, thrive: We promote a philosophy where you can develop and grow as an individual and team. We encourage you to approach problems in unique ways, try new techniques, learn from your colleagues and master your craft.
- Real people, real problems: We develop solutions to solve real-world challenges faced by our merchants. Our Team Members collaborate to build the right things the right way. We are curious about how things work, and we believe that sharing ideas and insights leads to better, more innovative products.
As a Staff Engineer within Information Security, you'll work closely with our Tech Operations, Business Operations, and engineering teams. You'll be focused on promoting InfoSec processes, policies, and practice. Contributing to attracting and developing junior talent within InfoSec will be an ongoing responsibility.
This role is responsible for monitoring and enforcing information security standards for Payroc. This position also requires contributions to Payroc information security strategies. The incumbent will serve as an expert advisor to management in developing, implementing, and maintaining a global information security infrastructure. They will ensure best practice control objectives for system integrity, availability, confidentiality, accountability, and assurance fall within the context of the risk tolerance set by the senior management of Payroc.
Duties and Responsibilities
- Implement and support key information security program priorities, initiatives, plans, practices, and tools.
- Contribute to information security project plans and be responsible for the delivery of components of such projects.
- Provide and implement guidance or recommendations regarding controls that mitigate risks, strengthen defenses, and reduce vulnerabilities.
- Maintain and contribute to comprehensive information security standards, policies, procedures, and guidelines.
- Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to manage those risks effectively.
- Advise the organization on risk issues related to information security and recommend actions supporting the business goals of Payroc.
- Sustain awareness of security trends, technologies, legal and compliance requirements.
- Understand potential and emerging information security threats and vulnerabilities, and communicate this information to appropriate team members throughout the company on a timely basis.
- Support business units as necessary to investigate security breaches.
- Engage and support outside consultants as appropriate for information security audits.
- Support regular and ongoing monitoring of and reporting on corporate compliance with information security standards and policies.
- Execute the investigation of security breaches or potential breaches and assist with disciplinary and legal matters associated with such violations.
- Contribute to the development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards.
- Engage in promoting and refining the corporate security awareness and training program.
- Collaborate with business units to deliver essential security tips and guidance to merchants and partners.
- Work with multiple subject matter experts across various domains to ensure compliance under PCI-DSS, PA-DSS, and P2PE standards.
- Bachelor's Degree or equivalent work experience. Experience in the credit card acquiring/processing industry is preferred.
- 10+ years of experience in Information Security within enterprise environments.
- Security/Networking certifications (i.e., CISSP, CISM, GIAC, CCNA).
- Understanding and awareness of the Payment Card Industry (PCI) data security standards (PCI DSS) and the payment application data security standards (PA DSS), as well as experience in the implementation of controls to mitigate PCI issues.
- Extensive experience and in-depth working knowledge across multiple technical disciplines, including one or more of the following: IDS/IPS, Firewalls, SIEM, Enterprise Anti-Malware solutions, DLP, Vulnerability Assessment tools, Technology Compliance tools, FIM.
- Expertise with tools and processes used in security incident detection and handling.
- Expertise with security event analysis and intrusion detection (IDS/IPS, incident response: triage, incident analysis, remediation).
- Ability to perform in-depth forensic analysis to aid in finding threats/suspicious activities in the enterprise.
- Working knowledge of Windows and Linux Operating Systems.
- Working knowledge of networking protocols (i.e., FTP, HTTP, DNS, DHCP, RADIUS, SNMP, SSH, Syslog, and SMTP).
- Present ideas, expectations, and information in a concise, well-organized way.
- Excellent communication skills, both verbal and written.
- Ability to work independently towards goals.
- Excellent work ethic and the ability to be a productive and reliable team member.
- Other duties as assigned.