Job Description

About the job Information Security Officer
Information Security Officer
Maintain Operational Systems, Networks and Security
Facilitate annual PCI audits and ensure ongoing compliance.
Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.
Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.
Troubleshoot system issues across all technology stacks including production/QA environments, databases, networks, and integrations.
Deploy and manage tooling to enhance operations, security, and efficiency.
Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.
Develop Python scripts and tools to automate repetitive tasks.
AWS Cloud Infrastructure
Securely architect and manage AWS services, including but not limited to:
VPC, EC2, ECS/Fargate, ECR
GuardDuty, CloudWatch, CloudTrail
Load balancers, VPNs, and WAFs
Maintain robust connectivity between third parties, banking partners, and on-premises data centres.
Implement and enforce best practices in system isolation, scope reduction, and security.
Hardware Security Modules (HSM)
Support field engineers and maintain internal HSMs (Futurex, Thales).
Conduct key management ceremonies and maintain PCI compliance.
Security Governance & Compliance
Assist with audits and regulatory requirements including:
PCI-DSS & PCI+PIN
ISO 27001 (Stretch goal)
GDPR
Maintain accurate and current documentation of infrastructure, procedures, and security policies.
Promote a security-aware culture within the company.
Automation & Efficiency
Implement automation to enhance both infrastructure and security management.
Optimise costs while maintaining high security and performance standards.
Security Monitoring & Reporting
Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA.
Review and sign off on daily/weekly PCI business-as-usual activities.
Analyse data and report security metrics monthly.
Collaborate with 3rd parties to complete and pass PCI certification audits.
Review and uphold The Companys security commitments to external partners.
What Were Looking For
Qualifications & Experience
Bachelors degree in Computer Science, Information Security, or related field.
At least 3 years relevant experience in security or infrastructure roles.
Experience in the payments or banking sector preferred.
Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.
Skills & Knowledge
Strong understanding of PCI-DSS requirements and security standards.
Hands-on experience with:
Linux (security patching, system administration)
MySQL
AWS services and virtual networking (VPC, ALB/NLB, WAF, VPNs, etc.)
Automation tools: CloudFormation, Ansible, Puppet, Chef
CI/CD: Bitbucket Pipelines, Jenkins
Scripting: Bash, Python
Containers: Docker, Kubernetes, ECS
Monitoring: Zabbix, Nagios
Logging & SIEM: ELK Stack, CloudWatch, Elastic, Splunk