Information Security Officer

Trumia is a new-generation E-Money and Payment Services financial services provider, licensed and regulated in the EU. The Institution has set out to provide its clients with customer-centric and innovative financial services. It offers both consumer wallets and corporate accounts, driven by state-of-the-art technology to make its financial services seamless and beneficial to its users. 

We are currently looking for an Information Security Officer to join our fast growing and dynamic team. The opportunity to join the team at this stage in the Institutions’ journey provides for an exciting and rewarding experience. 

The ISO will have the opportunity to grow in a dynamic environment, and will be responsible to ensure that the Institution maintains an appropriate level of security, in compliance with internal policies as well as regulatory requirements. The ISO will benefit form the opportunity to work with other Cyber and Information Security industry specialists who form part of the Group Information Security Function.

Responsibilities:  

● Develop, implement and monitor a comprehensive enterprise-wide information security program to ensure the integrity, confidentiality and availability of data; 

● Develop and maintain information security policies, standards and guidelines; 

● Work closely with the Risk Function and the 2nd Line of Defence on determining acceptable risk levels for the Institution and ensuring the IT environments are adequately protected from potential risks and threats; 

● Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks; 

● Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate course of action; 

● Follow-up on detected security issues and implement solutions to reduce security risk; 

● Meet with the 1st Line of Defence Functions to analyze, document and define requirements associated with new development or maintenance and enhancements to existing security roles and permissions. Review completed roles/permissions with users to ensure requirements are fully met. 

● Conduct risk assessments on, and monitoring of, outsourced third-party technological arrangement providers to the Institution; 

● Work with internal and external auditors to document and confirm that all security administrative duties are properly performed as well as demonstrate overall compliance. 

● Analyse security logs, monitoring logs, firewall logs, intrusion prevention system logs, etc. 

● Conduct analysis related to forensic investigations, cybercrimes, and/or cyberattacks. 

● Responsible to ensure the Institution implements mature level of controls, enabling compliance with GDPR, PCI, ISO27001, SOC2; 

● Work closely with the Group IT security field experts; 

● Responsible for information security awareness program for staff; 

● Responsible and playing a key role in managing information security risks within the Institution; 

● Demonstrate a good level of hands on experience in managing information security tools and applying risk mitigation control through such;

● Responsible for continuous monitoring of compliance and related security assessment and audits; 

● Reports to Trumia CEO and the Group CISO; 

● Ensure compliance with regulations and security policies that apply to Trumia products and systems, such as PCI compliance and regional or national data privacy regulations; 

● Keeping up to date with developments in IT security standards and threats; 

● Performing penetration tests; 

● Collaborating with Management and the IT Function to improve security; 

● Documenting any security breaches and assessing their damage; 

● Monitor access to all systems and maintains access control profiles on the applicable technological arrangements applied within the Institution; 

● Develop and/or maintain appropriate Segregation of Duties within and across applications; 

● To undertake such other ad-hoc duties, and reporting, as required from time to time which are commensurate with the position. 

Requirements:

● Bachelor’s degree in Computer Science, Computer of Software Engineering, Information Technology, or related field or equivalent industry experience; 

● Sound knowledge of relevant standards such as PCI, GDPR, CCPA, SOC2, ISO27001 and similar; 

● Ability to design, implement and enforce enterprise wide policies and programs; 

● Holder of information security, risk management, digital forensics certificate (e.g. CISA, CISM, CDPSE, CISSP, GIAC, CEH, Encase, etc.) is a plus; 

● Familiar with IT risk assessment frameworks; 

● Strong communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner in English; 

● Ability to work on his / her own initiative and as part of a team, and possesses strong interpersonal skills; 

● A demonstrated commitment to high professional ethical standards; 

● Able to work in one of the Group offices situated in Malta or Cyprus. 

If you wish to develop your career in dynamic environment, have a passion for working in Technology, and wish to develop your career in the financial services sector, we invite you to apply for this exciting opportunity. Join Trumia and be part of a dynamic team shaping the future of electronic money services.