Information Security Officer at scaling Fintech (AWS, ISO27001, SIEM, PCI, Cyber Security)
Form3 is a disruptive Fintech startup on a mission to make payments easier, faster and cheaper for Fintechs, challenger banks, ecommerce gateways, card providers and traditional banks wanting to reinvent themselves. Our customers include everyone from FinTech, challenger banks, ecommerce gateways and card providers, through to older traditional banks that are trying to reinvent themselves.
LIFE AT FORM3
We’re an open, diverse and friendly bunch who believe everyone has a voice. Our team is a mixture of banking experts, techies, artists, marketers, and customer advocates. Here at Form3 you’ll get the opportunity to be part of our rapidly scaling business, with some of the brightest talents in tech and payments, working in one of the highest growth sectors and the hottest location for payment Fintech in the world.
WHAT WE ARE LOOKING FOR
We’re looking for an experienced Information Security Officer/cyber Security Analyst to support our current Head of Information Security. A security specialist with strong working knowledge and understanding of information security frameworks (IS027001, ISAE3000/SOC2, SOC1, GPDR and PCI DSS), security operations and application security best practices. A versatile Security Officer, with experience working with public cloud, in particular AWS and the AWS security services would be beneficial. Exposure to developing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards.
- In depth Knowledge and experience in a security role with strong working knowledge and understanding of information security frameworks in particular IS027001, ISAE3000/SOC2, SOC1, GPDR and PCI DSS, security operations and application security best practices.
- Experience in developing, writing, implementing, auditing and improving information security policies and procedures aligned to relevant industry frameworks/standards to ensure security and compliance accreditations are achieved and maintained.
- Experience creating/maintaining an ISO27001 ISMS or PCI compliance project and operation.
- Experience in performing Business Impact Analysis, risk assessment and treatment.
- Experience operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems.
- Experience in security incident response, forensic security investigations, management and remediation of identified and day zero vulnerabilities, alerts, threats and breaches.
- Perform response analytics during and after an incident, determine root cause and proper mitigation of cyber security events.
- A deep understanding of how hackers work and ability to keep up with the fast pace of change in the criminal cyber-underworld.
- To remain up to date with the latest threats and vulnerabilities to ensure operational tools and processes are up to date, introduce process improvements and ensure incident response plans are up to date and effectively tested.
- To ensure that customer information and information systems are protected from unauthorised access / intrusion, use, disclosure, disruption, modification or destruction.
- Perform periodic internal audits against policies and procedures to ensure conformance. Participate and assist in external audit activities.
- Perform periodic audit, review and contribute to the continuous improvement of IT security standards, processes and procedures.
- Good knowledge of security technologies and controls such as Networking, Application and ‘Next Generation’ Firewalls, IDS/IPS, Proxies, security monitoring, FIM, WAF, DLP, Vulnerability Management, malware, antivirus and endpoint protection.
- Knowledge of various technologies and operating systems and their related security configuration, hardening and risks, ie Linux/Unix, Mac OS, Containers, Office 365, etc.
- In-depth knowledge of Cryptographic controls, secure communications, PKI, hash and encryption technologies, ciphers, including IPsec VPN, TLS/SSL and certificates.
- Experience with Public Cloud in particular AWS and AWS security services.
- Deliver Information Security and awareness training programs.
- Reporting and liaising with stakeholders.
- Excellent analytical, written and verbal communication skills.
- Self-motivated, self-starter who can work in a complex environment.
- Experience with Qualys, Synk, AlienVault USM, Trend Micro Deep Security and Carbon Black.
- ISO 27001 Lead Auditor or ISO 27001 Lead Implementor qualifications.
- Penetration testing experience.
- Container security. Docker containers, Kubernetes and general docker experience is preferred.
- Experience within the Financial Services industry.
- Knowledge of UK financial sector regulation.
- Experience in contract negotiations, dealing with and managing security service providers and third parties.