If you're looking for a unique opportunity to be part of an InfoSec organization with the oversight to design and implement Payroc's growth and industry-changing strategic objectives - read on.
At Payroc, we're building the next generation of capabilities that powers our merchant-first ecosystem. The radical and responsible delivery of value is our mandate. We believe that focused and empowered teams can do great things. You'll find that we're a curious, driven, and pragmatic bunch who believe in outcomes over outputs, and we're looking for like-minded individuals to join us on our journey.
What we're obsessive about:
- Small teams, big things: We'll convey the outcomes our merchants require, provide you with the support and tools to succeed, and then we let you work your magic, with no needless processes to get in your way.
- Develop, grow, thrive: We promote a philosophy where you can develop and grow as an individual and team. We encourage you to approach problems in unique ways, try new techniques, learn from your colleagues and master your craft.
- Real people, real problems: We develop solutions to solve real-world challenges faced by our merchants. Our Team Members collaborate to build the right things the right way. We are curious about how things work, and we believe that sharing ideas and insights leads to better, more innovative products.
As part of a dedicated and skilled team at Payroc, you will be responsible for monitoring and auditing Payroc's security controls; helping to define and strengthen our Cyber capabilities. This will include auditing IT controls such as, Privilege Management, Perimeter, Endpoint Protection, Vulnerability Management, FIM, WAF, DLP, and SIEM solutions. Supporting teams and implementing remediation of identified issues, both at a system and security device level. The Analyst also collects, analyzes, investigates, and leads on security incidents, working with the Security Architects and other teams to help ensure a strong security posture.
We are open to hiring motivated and technically savvy professionals interested in taking their security career to the next level. We offer the opportunity to develop your security skills and experience, working closely with our Security Architects, who will provide you with the opportunity to be involved in security projects, new security technology investments and encourage you to succeed and develop.
Duties and Responsibilities
- Perform formal risk analysis and security design reviews, applying policies and standards consistently to projects. Esuring security is managed inline with Payroc's risk appetite and regulatory/legal requirements.
- Work with IT, Compliance, and Legal partners to review and provide security guidance on current and new processes and maintain evidence and artifacts for all audits.
- Identify and analyze new requirements for policy impacts; develop and update policies, procedures, standards, and guidelines.
- Organize and track cybersecurity audit engagements (e.g., PCI, PA-DSS, P2PE) and due diligence activities. Use working knowledge of information security best practices to ensure IT controls are in place to meet our external audit and client requirements.
- Conduct design reviews of cloud-based services and other cloud services affecting public, private, or hybrid cloud infrastructures, risk rank results, and present to security leadership.
- Manage/coordinate remediation efforts after security assessments outline weaknesses requiring attention.
- Implement and support key information security program priorities, initiatives, plans, practices, and tools.
- Drive the vulnerability management program, coordinate regular scans, reports, and create a plan to remediate found vulnerabilities in accordance with company policy.
- Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to manage those risks effectively.
- Understand potential and emerging information security threats, vulnerabilities and communicate this information to appropriate team members throughout the company on a timely basis.
- Ensure delivery of security awareness training to new hires and annual refresher training.
- Work as a senior member of the incident management and response team to identify, detect, contain, and respond to intrusions.
- Oversee regular privileged access reviews per policy in company SaaS, PaaS and IaaS platforms.
- Responsible for the maintenance of security and operations procedure documentation.
- Develop, document, and implement information security procedures to enforce information security standards and guidance.
- Research and stay updated with current information security topics, information technology, equipment, and systems.
- Plan, coordinate, and execute Information Security / special projects.
- Create process flows to better define, measure, improve, analyze, and control security and privacy processes.
- Bachelor's Degree or equivalent work experience. Experience in the credit card acquiring/processing industry is preferred.
- 10+ years experience in Information Security within enterprise environments.
- Security/Networking certifications (i.e., CISSP, CISM, CISA, CISM, GIAC, CCNA).
- Appreciation of the Payment Card Industry (PCI) data security standards (PCI DSS) and the payment application data security standards (PA DSS) as well as experienced in the implementation of controls to mitigate PCI issues.
- Solid understanding of information security standards and best practices for securing computer systems within applicable laws and regulations.
- Proven experience in identifying and auditing potential IT controls, risks, issues and opportunities through and offering sustainable recommendations that address the root cause rather than symptoms.
- Extensive experience and in-depth working knowledge across multiple technical disciplines, including one or more of the following; Privilege Access Management, Active Directory, IDS/IPS, Firewalls, SIEM, Enterprise Anti-Malware solutions, DLP, Vulnerability Assessment tools, Technology Compliance tools, FIM and cloud infrastructure.
- Demonstrated experience overseeing the continuous monitoring and protection of information systems and tracking security metrics.
- Strong understanding of security and control frameworks, such as FFIEC, NIST, COBIT,ITIL, ISO control framework.
- Expertise with tools and processes used in security incident detection and handling.
- Expertise with security event analysis and intrusion detection (IDS/IPS Incident response - triage, incident analysis, remediation).
- Ability to perform in-depth forensic analysis to aid in finding threats/suspicious activities in the enterprise.
- Present ideas, expectations, and information in a concise, well-organized way.
- Excellent communication skills, both verbal and written.
- Ability to work independently towards goals and take the lead on defining and optimising process and procedures.
- Excellent work ethic and the ability to be a productive and reliable team member.
- Other duties as assigned.