Thunes is seeking a talented individual to own and manage information security within our payments platform.
We operate a platform that allows our many partners to remit or receive across borders via integrations with our API, with a focus on remittances to developing economies. Our platform is highly available, with a commitment to optimum security, both against external threats and in ensuring absolute integrity within our systems and procedures.
The Head of Information Security, reporting directly to the CTO, will be responsible for ensuring that our security policies are established as best-in-class for the industry, and for ensuring compliance with those policies from all internal and external partners. Responsibilities include defining the security requirements, engaging 3rd-party vendors and others to perform vulnerability assessments, ensuring compliance with both regulated and industry-standard security practices, and modifying the policies accordingly.
We are looking for a highly driven, self-motivated, technically hands-on individual who is truly excited about creating meaningful impact. In this role you will combine a startup mindset with the scale of an industry leader, giving you hands-on exposure to how key organizational decisions are made and to the challenges of operating and securing critical cloud infrastructure and services. A career with Thunes is an opportunity to join a fast-growing, dynamic payments leader at an early stage and to have maximum impact, with a diverse group of talented, multi-national entrepreneurial thinkers.
- Drive the overall security policy of both the platform and information handling within the organisation
- Serve as a focal point of contact for information security matters within the organisation and with customers
- Keep the overall platform, systems, data and information secure by applying security best practices and techniques
- Design, roll-out and lead our Infosec Vendor Risk Assessment Program, providing a first level of due diligence in a smart and pragmatic way with our partners to safeguard the sensitive data that we may be sharing to enable our services (external facing)
- Define and configure default security capabilities and best practices
- Identify security risks early on and ensure they are addressed before they become actual problems
- Manage security policies, identify and respond to any intrusion with anti-malware protection, intrusion detection, and intrusion prevention systems
- Manage controlled and time-limited access to production systems
- Enforce corporate and security infrastructure policies across the teams
- Configure logging and monitoring based on best practices to ensure security and system health
- Set up, monitor, correlate and investigate security alerts to detect and resolve incidents
- Work closely with the rest of the Engineering team to assess security aspects of the platform and systems prior to production
- Keep up to date with trends and innovation in security and best practices
- Define relevant KPIs and metrics to assess and track the security events on the platform and provide reporting
- Provide security awareness training to all information system users
- Collaborate closely with Engineering, Infrastructure, Data teams and others to develop and implement a rigorous security framework
- Degree in Computer Science or equivalent
- 5+ years of experience in a similar role
- 5+ years of experience supporting and securing large scale and critical systems and APIs in production
- Industry level certifications such as CISSP
- Deep understanding and experience with Firewalls, IDS, IPS, SIEM, cloud and on-premise security layers
- Strong knowledge of risk assessment tools, technologies and methods
- Experience with and strong understanding of PCI-DSS, ISO27001, GDPR, CCPA, etc. frameworks and standards
- Experience designing and auditing secure networks, systems and application architectures
- Experience planning, researching and developing security policies, standards and procedures
- Hands-on understanding and experience of Linux administration, command line interface, shell scripting
- Strong understanding of Internet protocols such as DNS, HTTP, SSL, SMTP, TCP, and UDP
- Experience supporting the following technology stack and services (Amazon AWS, Terraform, Ansible, Docker, HAProxy, Nginx, ELB/ALB, ELK, Prometheus, Grafana, ECS/EKS/Kubernetes, Fluentd, Elasticsearch) is a plus
- A strong multi-tasker with a keen eye for detail, ability to think one step ahead
- Strong analytical, problem-solving skills and willingness to investigate complex problems
- Strong strategic thinking skills to handle both the big picture and crucial decisions
- Ability to thrive on a high level of autonomy and responsibility
- Ability to work very well cross-functionally, to think rigorously and make hard decisions and tradeoffs when required
- Sustain a learning and knowledge-sharing culture in the organization and aim at achieving a high level of technical excellence and stability
- Excellent written and verbal communication skills in English
Sound like you? Apply now!