Senior Information Security Architect
Tech stack
CISSP
NIST CSF
Job description
eService is the market leader in payment card acceptance and electronic transaction clearance in Poland and is the largest technology provider of merchant acquiring services in Central and Eastern Europe. The company has been in business for nearly 25 years, and offers omnichannel payment solutions for merchants, both in store and online, including POS terminals and a payment gateway for e-commerce and m-commerce solutions. The company supports the promotion of cashless payment methods in small and medium-sized enterprises, as well as in local government units and public institutions.
eService is a joint venture of Global Payments Inc. (NYSE: GPN) and PKO Bank Polski. Headquartered in Atlanta, Georgia with approximately 27,000 team members worldwide, Global Payments is a Fortune 500® company and a member of the S&P 500 with worldwide reach spanning North America, Europe, Asia Pacific, and Latin America.
Senior Information Security Architect
About the role:
Designs applications of advanced complexity which address business functionality and performance needs, while ensuring that maximum security is applied. Incorporates both in-house and externally acquired solutions. Considered a subject matter expertise in relation to security architecture and liaises with other areas of IT in the dissemination of this information to counter threats and internal and external vulnerabilities. Applies experience in topics such as enterprise software, software and hardware configurations, authentication, authorizations, detection and countering errant codes and scripts and related matters.
Be a part of a team where you will:
· Work with IT and IS teams to identify, select and implement technical security controls.
· Consults with IT solution designers (cloud and on-prem) to assure and ultimately approve designs and system changes in line with policy, agreed standards, and/or risk profile.
· Develop security processes and procedures to ensure that security controls are managed and maintained.
· Research evaluate and recommend information-security-related hardware and software, including developing business cases for security investments.
· Maintain an in-depth understanding of financial and credit card industry standards (e.g. PCI standards, card association requirements, GDPR) and ensures that all projects are delivered to these standards.
· Assess IT operational activities for compliance and security gaps both periodically (e.g. PCI assessments) and as an ongoing activity (e.g. day to day interactions)
· Prioritize remedial work, driving security improvements across the business. Trains non-security staff on risks and sensible approaches for mitigation.
· Support incident response from a security technology perspective
· Assess the impact of business change on the IT security model and associated artifacts
· Develop architecture strategy and creates models/patterns
What you need to be successful:
· Technology Degree or Equivalent Industry Experience, PCI DSS experience mandatory
· Strong understanding of business applications, including internet-facing and financial systems.
· Excellent technical knowledge and preferably design experience of: Mainstream operating systems [for example, Microsoft Windows, Macintosh, Linux, AIX] databases, middleware, virtualization, and storage technologies.
· A wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, cryptography, SIEM, anti-malware solutions, automated policy compliance tools, and desktop security tools.
· Network infrastructure and design, including routers, switches, firewalls, and the associated network protocols and concepts.
· Application and web technology and security issues (for example OWASP)
· Ability to apply skills to new technology stacks including Public Cloud and Containerisation
· Technical knowledge of mainframe systems (desirable)
· Proficiency in performing risk, business impact, control, and vulnerability assessments.
· Ability to absorb and understand complex 24x7 enterprise IT environments and rapidly identify potential vulnerabilities, security risks, and impacts.
· Strong analytical and conceptual skills; ability to create original concepts/theories for a variety of stakeholders.
· Excellent communication skills with the ability to communicate highly technical issues and strategy to both technical and non-technical audiences at all levels within the company
· Experience of working in an international organization and handling issues that cross-cultural boundaries.
· Able to deliver results through virtual teams and matrix managed resources
· Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) and/or TOGAF qualification highly desired CCSP or AWS Cloud Certifications highly desired
· ISO 27001 or NIST CSF experience is highly desired
What will you get from us:
· Employment contract with the prospect of long-term cooperation
· Tools necessary for work
· Onboarding, training for employees: with us you will develop your professional and personal potential
· Luxmed private medical care for you and your family members (including dentistry)
· Access to Multisport card
· Possibility of joining group life insurance
· Free learning English and German (on-line)
· Access to a free and anonymous employee support program in the field of psychological, financial and legal counselling
What's next:
· Send your resume
· Telephone interview - short talk about the position and your experience (15 min)
· Recruitment meeting - we will get to know each other, you will learn more about our company, meet your manager and we’ll talk more broadly about your experience (60 min)
· Employment offer - after a successful recruitment process we will make you an offer of cooperation
· Welcome to our team - we will provide you with the necessary tools for work and implement you in your new responsibilities