Overview

If you are currently looking for opportunities and feel this role is right for you, please upload your resume and we will contact you to discuss current opportunities.

Infosec Security Specialist

iSignthis Ltd is an Australian Securities Exchange (ASX) listed neobank, with deposit taking operations in the EU, and transactional banking operations in both Australia and the EU.

We are looking for an Information Security, Risk and Compliance specialist. In this role you will be responsible for the design and implementation of the IT risk management framework and the procedures for its upkeep, and for ensuring that risk policies, procedures, and processes are aligned to business needs and maintain compliance with PCI, card scheme, ISO27001, GDPR, APRA CPS234 and Eurosystem requirements.

You will be ensuring that our policies and procedures are maintained and adhered to by operations, developers and system admins.

The successful candidate will ideally have a strong hands-on system administration background, relevant experience in handling IT risk/security matters in a banking or payments environment, together with experience in liaising with external parties including QSAs and ISO auditors.

The successful candidate will be expected to visit our EU-based operations centre for two weeks every 3 months or so.

Policies & Procedures
Consult with management in refining, documenting and managing information security policies, standards and guidelines for the group, based on existing policies and procedures including PCI DSS, ISO27001, GDPR, EBA and APRA IT Guidelines.

The role will be responsible for:

  • Disaster recovery and business continuity planning.
  • Conducting security risk assessments for existing and new business applications, infrastructure designs and IT projects, with recommendations.
  • Liaising with external auditors and ensuring that our systems are re-certified annually.
  • Preparation of management reports together with annual reports to regulators.
  • Ensuring the administration of security hardware and environments through the practice of split knowledge and dual control.
  • Reviewing work conducted by System Administrators, and intervening where necessary to ensure system security and integrity.
  • Training System Administrators in secure practices.

Experience

  • Experience working in the financial services sector, with working knowledge of at least one, and exposure to any two, of the following: PCI DSS, APRA CPS234, EBA RTS or ISO27001.
  • Ability to assist and improve network pen tests, server configuration review, firewall reviews, etc.
  • CISSP/CISA/CISM, CRISC, GIAC G2700 (or other certifications or tertiary education specifically related to Information Security).
  • Exceptional understanding of IT infrastructure architecture and components.
  • Recent hands-on experience with maintaining security on environments including HSMs, firewalls (Palo Alto), WAF (Imperva), security events logging and monitoring, data leakage solution, virus detection systems, intrusion detection systems, Linux-based AWS systems.

Right to Work

The nature of the role is such that we require Australian Citizens or Australian Permanent Residents who hold citizenship of a country eligible for an EU Visa Waiver.

Employment is subject to a National Police check.