Information Security Officer
Location: Malta / Remote
Basis: Full time
RS2 offers secure payment services, payments software and managed services to clients in over 35 countries. The company upholds the highest industry standards, and RS2’s in-house designed payments solution is a software of choice for many of the world’s leading and most innovative banks and financial institutions.
Reporting to the Head of Information Security, the chosen candidate will be responsible for the organization, upkeep and implementation of the company’s Information Security strategy so as to safeguard the company’s data, systems and processes in a continuously evolving ICT world.
The person fulfilling this role will also be actively involved in helping to secure the company’s Software Development Lifecycle through the introduction, maintenance and improvement of security mechanisms, along with the promotion and enforcement of secure software design principles.
- Improving on the company’s SDLC from a security perspective by integrating security mechanisms throughout the process following a DevSecOps approach
- Assisting in technical code reviews and analysing software architecture from a security standpoint
- Conducting information security internal audits and risk assessment activities
- Performing, reviewing and scheduling penetration testing and vulnerability scans
- Engaging with information security assessors
- Maintaining compliance efforts against certifications such as PCI DSS and PCI SSF
- Participating in the design, documentation and review of new policies, processes and best practices
- Taking part in company-wide training efforts including Security Awareness Training and Secure Coding Training
- Assisting in monitoring and analysing security alerts and information, and contributing to their resolution
- Compiling and maintaining security documentation
- Assisting with technical code reviews and promoting secure software design principles
- Performing various other duties which may be assigned from time to time
- Bachelor’s degree in ICT and/or a specialized security certification (e.g. CISSP)
- Minimum of 2 years’ experience in an Information Security role
- Knowledge of the latest PCI DSS, PCI SSF and ISO 27001/2 compliance standards
- Knowledge of secure software design principles and awareness of Security Knowledge Frameworks such as OWASP
- Knowledge of SDLC-related security mechanisms such as Threat Modelling, SAST and DAST will be considered an asset
- Penetration testing certification and/or equivalent experience in ethical hacking
- Experience of liaising with external security auditors
- Ability to engage with staff, including technical personnel, in order to offer guidance and enforce compliance in relation to security policies
- Ability to work on own initiative with minimal supervision
- Must be meticulous, methodical and accurate in the completion of tasks
- Must have a hands-on approach and should not be averse to learning about new systems, tools and techniques on the fly
- Knowledge of networks and firewall configurations will be considered an asset
- Due to the technical nature of this role, programming or scripting experience is a must.
- Having a background in software development will be considered a plus.
The selected candidate will be offered training by our internal training academy. Our team of experts will support and work with you to explore your learning potential and career goals.
Please send a detailed CV via email to email@example.com stating the job title in the subject header. All applications will be treated in strict confidence.