By Trust Payments Apr 21, 2021

  • Malta

Job Title:  Information Security Officer
 
Intro
 
Whilst most of Trust Payments are working from home at present due to local guidelines, our Covid secure offices have still been open for people that can’t work from home. We’ve hired and onboarded more than 100 people virtually since the pandemic started and have grown significantly as a business.
 
We’ve adapted our ways of working to ensure that new starters feel part of one big virtual team. From regular town halls to coffee mornings and dedicated mental health days, we want to ensure we put the needs of our employees first during such difficult times. Feedback from our new hires has been positive: they love our onboarding programme and how much it makes them feel integrated into Trust from the start.
 
Main purpose of the job:
 
Trust Payments (Malta) Ltd, a regulated entity in the financial services space, is looking to recruit an Information Security Officer (ISO) to oversee the company’s ICT Security Function. Covering aspects of physical, digital and electronic security, this position will report on overall risk in this area and implement appropriate security programs to address it.
 
A major component of the position is to provide business value by establishing smooth cooperation between the company and its outsourced partners. The task calls for an individual who is well versed in and up to date on the latest threat landscape and who continuously looks to enhance and improve ICT security for the organization and its customers, ensuring full compliance with statutory requirements. Finally, the ISO will work with other stakeholders to ensure that security needs are adequately discussed and prioritised in line with the company’s strategic plans.
 
Duties and responsibilities:
 
•   Act as the facilitator in the evaluation of cyber risk and discuss appropriate remediation with senior management
•   Assess risk in line with the organisation’s information security policy
•   Build a relationship with business units and technical teams to identify the environment, the attack surface, and the IT risk posture of the company
•   Ensure effective execution of the ICT and Cybersecurity risk management framework in accordance with applicable EBA guidelines together with the CRO
•   Assist the CRO in developing, implementing, and monitoring a comprehensive information security and IT risk management program
•   Assist the CCO and Outsourcing Officer on ICT related aspects during the implementation of the internal Outsourcing framework
•   Assist in or conduct risk analysis as required on IT related changes. Ensure that any proposed system changes do not breach the company IT security policy
•   Champion good security practice, awareness, and training throughout the organization. Carry out staff security awareness training upon hire and annually thereafter
•   Monitor, track, and report on information security risks on all company initiatives. Work with other departments providing IT security advice on any new or ongoing projects
•   Assist and advise company staff on IT security related matters, e.g. phishing awareness
•   Determine security incidents and inefficiencies by conducting periodic audits, annual security reviews and firewall/router configuration reviews
•   Be part of the Disaster Recovery and Incident response teams, stay current on Disaster Recovery and Business Resumption best practices as well as suggest changes to the DR/BR plans and implement changes accordingly
•   Participate in developing the IT security policies for the company
•   Ensure that sensitive data (including cardholder data) stored by the company is retained in-line with the data retention policy as well as liaise with other departments to ensure that data that falls outside of the data retention policy is securely disposed of
•   Stay current with all published security vulnerabilities and escalate any action required to the relevant stakeholders
•   Coordinate and implement routine IT Security activities
•   Log analysis and suspicious activity reporting
•   Security scanning and remediation (wireless analysis, vulnerability assessment, ASV scans)
•   Coordinate external stakeholders to carry out penetration testing against company infrastructure
•   Application review and security assessment
•   Keep up to date with the latest security and technology developments, including researching/evaluating emerging cyber security threats and ways to manage them
 
Experience and Qualifications:
 
•   Bachelor’s Degree in a science or related field
•   Experience in an Information Security role
•   Solid knowledge of various information security frameworks
•   Implementation and maintenance of technical controls and processes
•   Familiar with the PCI DSS, SOC2 and ISO27001 standards
•   Working knowledge of the OWASP application security document
•   Awareness of common ICT vulnerabilities and methods of mitigation
•   Certified Ethical Hacker (CEH) or similar considered an asset
•   Familiarity with project management frameworks such as PRINCE2 and Agile methodologies is a nice-to-have
•   Computer literacy, Microsoft Office, CRM, DMS, data handling, record keeping
•   Good management skills and excellent communication skills
•   Able to work on your own
•   Excellent problem solving and analytical skills
•   Effective verbal and written communication skills
•   Ability to always perform the role of a good ambassador for the organisation
