The Information Security Officer will be responsible for leading and managing the organization's
information security strategy, ensuring compliance with ISO 27001 and PCI-DSS standards. This
role involves overseeing the audit and implementation processes and controls, ITGC and
managing the Security Operations Center (SOC)

Key Responsibilities:

1. ISO 27001 and PCI-DSS Compliance

•  Lead the development, implementation, and maintenance of information security 
• policies, procedures, and guidelines in accordance with ISO 27001 and PCI-DSS 
• standards.
•  Conduct regular internal audits to ensure compliance with relevant standards and 
• regulatory requirements.
•  Coordinate with external auditors to facilitate successful completion of ISO 27001 and 
• PCI-DSS audits.
•  Identify gaps in current security controls and develop corrective action plans.

2. Security Operations Center (SOC) Management:

•  Oversee the daily operations of the SOC, manage the SIEM system, ensuring effective 
• monitoring and analysis of security events, ensuring timely detection, analysis, and 
• response to security incidents.
•  Develop and implement SIEM rules, alerts, and dashboards to enhance threat detection 
• capabilities.
•  Conduct regular reviews of SIEM logs and reports to identify potential security threats 
• and vulnerabilities.
•  Develop and implement incident response procedures, ensuring effective handling of 
• security breaches and incidents.
•  Coordinate with the IT team to ensure proper configuration and maintenance of 
• security tools and technologies.

3. Risk Management:

•  Perform IT Risk Assessments to identify and evaluate its security risks to the 
• organization.
•  Develop and implement risk mitigation strategies to reduce the impact of identified 
• risks.
•  Maintain an up-to-date IT risk register and ensure regular review and update of risk 
• management plans.

4. Training and Awareness:

•  Develop and deliver security awareness training programs for employees, ensuring 
• understanding of security policies and best practices.
• o Stay current with emerging security trends, threats, and technologies, and share 
• knowledge with the team.

Qualifications:

• Bachelor's degree in Information Tech, Computer Science, Computer Eng, or a related field.
• Professional certifications such as CISSP, CISM, CISA, or equivalent.
• Proven experience in information security management, including ISO 27001 and PCI-DSS 
• compliance and ITGC.
• Strong understanding of SOC and SIEM operations, including incident response and threat 
• analysis.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to interact effectively with 
• technical and non-technical stakeholders.

Preferred Experience:

• Experience in managing security audits and developing audit reports.
• Familiarity with risk management frameworks and methodologies.
• Knowledge of security technologies and tools, including firewalls, intrusion 
• detection/prevention systems, PAM, DLP and endpoint protection solutions.
• Hands-on experience in fintech ecosystem.