Apply defense-in-depth concepts and information security controls (Administrative, Technical, Physical, Operational, Deterrent, and Compensating controls) within day-to-day security activities.
Support compliance activities related to information security frameworks and standards such as PCI TSP, PCI PIN, SOC2 Type II, and ISO27001.
Perform PCI-DSS control activities and execute the relevant periodic compliance tasks.
Support the implementation of controls under the CBE Cyber Security Framework.
Manage and track different audit missions and provide the needed support to stakeholders in the remediation plan.
Develop and review information security and corporate policies and processes to ensure alignment with information security standards and regulations.
Execute and support the information security awareness program, including security awareness training, phishing simulation campaigns, and security awareness sessions.
Assess new user access requests and review existing access permissions against the least privilege and need-to-know principles.
Support information security assurance activities and risk management practices.
Requirements
Bachelor's degree in engineering, computer science or equivalent
5+ years of relevant experience
Reasonable knowledge of defense-in-depth and information security controls (Administrative Controls, Technical Controls, Physical Controls, Operational Controls, Deterrent Controls, Compensating Controls).
Reasonable knowledge of information security compliance frameworks and standards such as PCI TSP, PCI PIN, SOC2 Type II, and ISO27001.
Strong knowledge of PCI-DSS, including the controls and relevant periodic activities.
Strong knowledge of the CBE Cyber Security Framework, including control implementation.
Strong knowledge of information security awareness programs, including security awareness training, phishing simulation campaigns, and security awareness sessions.
Strong knowledge of user access governance, including assessing new user access requests and reviewing existing access permissions against the least privilege and need-to-know principles.
Basic knowledge of information security assurance activities and risk management practices.