Senior Security Operations Officer

Tasks

As Senior Security Operations officer in Paymentology, you will be joining a globally distributed company and will work with colleagues dotted across the globe.

Your colleagues are passionate about our products and customer-experience and you will work closely with them and our clients globally as an ambassador and driver of our information security operations initiatives.

Primary responsibilities
- Build and manage a SOC with a combination of in-house expertise and MSSP support where relevant or applicable
- Work with the Infrastructure teams to ensure SIEM is consistently deployed and optimised across all environments. Help ready the organisation for adoption of SOAR and other security platforms including XDR as we mature our security operations.
- Responsible for security event/incident monitoring, endpoint monitoring and alerting, daily log reviews and regular user access reviews.
- Drive vulnerability management initiatives within the organisation and ensure proper analysis is performed for any detected vulnerability and aligned to risk management to ensure risk reduction.
- Operate a secure infrastructure by ensuring that all server and desktop systems are up-to-date with the latest security patches and fixes in conjunction with relevant internal teams.
- Ensure the configuration management database and asset management system are appropriately maintained and tracked.
- Lead the security operations team to manage security incidents (detection, analysis, response, recovery and post-incident reporting) in close co-operation with the support, client services and service delivery teams.
- Ensure security operations SOPs are defined, implemented and measured in liaison with key stakeholders, vendor recommendations and regulatory requirements.
- Additional responsibilities
- Operate and implement Information Security policies, strategies, procedures, standards and projects.
- Work closely with the information security team on all governance, risk and compliance initiatives including PCI-DSS and ISO27001.
- Help drives activities to promote information security awareness within the organisation both annually and throughout the year.
- Monitor and advise on security threats and related regulatory issues, national/international and vendor advisories.
- Test and implement new security solutions as required to maintain a robust security posture.
- Have oversight of Backup and Restore activities and ensure they are conducted, operated securely and tested by the relevant internal teams.
- Conduct situational awareness based on intelligence and threat information and formulate and report an operational view of the external environment.
- Have awareness of methods and motivations adopted by hackers to attack IT platforms and automated information systems.
- Consult with the crisis management/BCP teams, help develop and deliver preparedness exercises at the management team, at least annually.
- Provide guidance on protecting the information resources of the company from unauthorised destruction, modification, use, and disclosure.
- Provide security architecture inputs across the enterprise, particularly around security initiatives and tools.
- Help drive security operations initiatives and projects from inception to completion, work with the security team to build a long-term security roadmap.

Please note the security operations team (including yourself) may be occasionally expected to perform the role out of hours to the extent required to protect the organisation.

**Requirements**:
**What it takes to succeed**:

- Extensive information security experience across broad security domains including security operations, security device monitoring and alerting
- In-depth experience in security incident management processes and tools.
- Knowledge and experience of working with industry standards such as ISO27001, PCI-DSS and GDPR.
- Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks
- Help obtain and maintain existing and future accreditations in accordance with applicable regulations, client-requirements and industry best-practices
- Experience working with technical people responsible for implementing security technology and compliance initiatives
- Strong stakeholder engagement skills both vertically and horizontally
- Detail-oriented, delivery-focused, and able to manage multiple work streams simultaneously
- Good written and verbal communications skills
- Fluent in business English both oral and written.
- Bonus points:

- Possess at least 5 years of working experience related to information security domains.
- Bachelor's degree ideally in an Information Technology related field (or similar experience)
- CISA, CISM, CISSP, ISO27001/ISMS LI, GDPR Foundation, OSCP, eCPPTv2, CEH or other relevant security certifications
- Other Internationally recognised certifications, such as Prince2, ITIL, COBIT, PMP.

**WHAT YOU C