What you'll do:

• Responsible for the effective implementation of security governance practices within the organization.
• Conduct the development and maintenance of security policies, standards, processes and procedures to ensure compliance with industry regulations and best practices.
• Conduct the development of security baselines to establish minimum security requirements for existing and streamline technologies.
• Proficient in conducting security static and dynamic testing and interpreting high-level technical vulnerabilities identified through, and including penetration testing results.
• Oversee the design and implementation of security controls to protect company assets and data.
• Conduct regular assessments and audits to identify security risks and vulnerabilities, and develop mitigation strategies.
• Collaborate with cross-functional teams to ensure alignment of security governance objectives with business goals.
• Serve as a point of contact for internal and external stakeholders regarding security governance matters.
• Establishing and maintaining an effective security awareness training program that results in increased employee understanding and adherence to security policies and procedures.
• Successfully developing and implementing comprehensive security policies, standards, and procedures that align with industry regulations and best practices.
• Developing and managing a robust security program management framework and calendar that ensures timely execution of security initiatives and proactive risk management.
• Identifying and mitigating security risks through thorough assessments, implementing effective controls, and continuously monitoring and updating security measures.
• Successfully coordinating with internal and external stakeholders to address security governance requirements, respond to audits, and meet regulatory compliance obligations.

What you need to succeed in this role:

• 6+ years work experience in cybersecurity engineering roles, preferably for banking and payment companies or similar industries.
• Strong communication and organization skills.
• Good understanding and knowledge of information security fundamentals.
• Familiarity with network security and information systems security principles and best practices.
• Demonstrate a solid understanding of protocols and possess the ability to effectively plan for and handle situations that may arise while interfacing, communicating, and supporting auditors, regulators, and reviewers.
• Capable of providing expert advice on appropriate mitigation actions or compensating controls, considering the risk level associated with each identified issue.
• In-depth knowledge of security governance principles, frameworks, and best practices, Including, Possess a strong understanding of Governance, Risk, and Compliance (GRC) principles and methodologies.
• Proficient in managing security issues, conducting root cause analysis, and formulating comprehensive action plans for mitigation. Capable of advising appropriate and effective solutions to address each identified security issue.
• Strong understanding of security risk assessment methodologies and the ability to develop effective risk mitigation strategies.
• Expertise in conducting security baseline development to establish minimum security requirements for systems, networks, and applications.

It would be great if you have:

• Earned any of security, audit, and compliance-related certification e.g., Associate of (ISC), CISSP, CISA, CRISC, CISM, CompTIA Security+, ISO/IEC 27001
• Experience with security, audit and compliance contexts e.g., PCI DSS, SOC2, SOX, PCI DSS, SEC, GDPR, PDPA and ISO/IEC 27001
• Experience in managing security incidents and conducting incident response activities.
• Understanding of modern IT infrastructure; cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes).
• Familiarity with cloud security, network security, and emerging technologies.
• Familiarity with security governance tools and technologies.