Chief Information Security Officer
As HomeSend is a registered Payment Institution and is certified for the Data Security Standard of the Payment Card Industry (PCI-DSS), Information Security is a key foundational element in our mission to be a strong, reputable provider of money transfer services. To enforce and maintain the highest level of security integrity, HomeSend seeks an experienced, engaging and visionary leader who wants to become part of a growing company in this challenging and rewarding industry.
The Chief Information Security Officer (CISO) will report to the Chief Executive Officer (CEO) and work closely with HomeSend management and the Information Technology and Operations teams. He/she will provide leadership and take ownership of the security requirements to keep the PCI-DSS certification and ensure the highest level of physical and information security is implemented and maintained.
The complexity of this position requires a leadership approach that is engaging and collaborative, with an ability to work with other leaders to set the best balance between security strategies and other priorities. Nevertheless, he/she must ensure the requirements from governance or PCI-DSS are strictly enforced. The CISO needs to be able to articulate complex technical issues and risks effectively, in a way that is clear, gets quickly to the point, can be well understood, and does not cause any unnecessary panic. He/she will drive all security-related initiatives and be responsible for their success.
The position is based in Brussels, Belgium. Some occasional travel may be required to our office near Grenoble, France or other locations based upon needs.
- Enforce and oversee the establishment and maintenance of a security framework for HomeSend that encompasses all components required to run the HomeSend business, both physical and non-physical, in order to remove or minimize the eventual impact from potential internal and external threats.
- Develop, maintain and oversee information security policies, procedures and control techniques to address all requirements for HomeSend to operate with minimal and managed risk while maintaining the confidentiality, integrity and availability of company and customer data across information systems and technology.
- Risk assessment, mitigation and avoidance: Through a regular inventory of information assets, intellectual property and other digital infrastructure, and by understanding the threats they face, the CISO must decide which steps should be taken to protect those things from damage, loss or harm.
- Be the business owner for the implementation and execution of automated and continuous monitoring to detect, contain and mitigate vulnerabilities and incidents that may impair information security and information systems.
- Legal and regulatory compliance: This requires an understanding of how HomeSend’s information assets and digital architecture fall within the scope of applicable laws and regulations, and complying with related requirements such as assessments, audits, reporting, privacy, confidentiality and more.
- Ensure PCI-DSS certification is maintained. Take responsibility to ensure all steps are being taken to provide continued compliance with the PCI-DSS standard. The CISO is the principal internal and external single point of contact for the PCI-DSS certification program.
- Take ownership for implementing an Incident Response Plan. The CISO is responsible for the coordination of all activities following a Security Incident and acts as communications point of contact with the COO and CEO for internal and external communication as appropriate.
- Enterprise and security architecture: In collaboration with the Chief Technical Architect, the CISO has to ensure that, while the formal discipline of IT architecture seeks to make sure that technology acquisition and use enable and reinforce the organization's ability to meet business goals and defined performance, the levels of protection that risk assessments and compliance requirements dictate are included.
- Act as communications interface internally and to external parties for security-related matters, in coordination with the CEO and COO, in relation to compliance requirements, security incidents, risk assessments, governance or other security-related topics.
- Regularly train personnel, ensure that they are aware of HomeSend’s Information Security policies, and ensure that line managers enforce compliance with them by their team members.
Main Working Partners
The CISO will work closely with the COO and Program Manager to establish and maintain the policy framework and ensure ongoing compliance with PCI-DSS. The role will interact on a daily basis with the Security System Engineer and with the Security Administrator role that is partly outsourced to review event log reports. A regular interaction with HomeSend’s compliance office is expected to align policies and monitor compliance with external governance bodies. As a trainer the CISO will come into contact with all staff memb
All about you
Preferred Qualifications and Experience
- Relevant degree, certification and/or equivalent experience
- Demonstrated knowledge of IT Security controls and practices.
- Expert knowledge of IT security systems and tools including firewalls, intrusion prevention systems, SIEM, and vulnerability management platforms.
- Demonstrated skills directing and applying security controls to computer software and hardware utilizing the NIST Cybersecurity Framework or ISO 27001.
- Demonstrated skills at administering complex security controls and configurations to computer hardware, software and networks.
- Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies to endpoints, databases, transport protocols, etc.
- Experience in incident response and digital forensics
- Demonstrated knowledge of secure hardware, software and network design techniques.
- Demonstrated strategy for analyzing and preventing security incidents of high complexity.
- In-depth knowledge of computer hardware, software and network security issues and approaches.
- Experience interfacing with upper management on a regular basis.
- Advanced knowledge of IT security and in particular the requirements of PCI-DSS v3.2.
- Broad knowledge of other areas of IT. Experience with any of Linux (Red Hat), VMware, VPNs (IPsec, OpenVPN…), IPv4 routing and configuration, security tools (IPS, IDS…), scan analysis (ASV, IPT, EPT, Nessus) is an advantage.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- Strong oral and written communication skills are a prerequisite.
- Experience in a position of CISO within a finance-related institution is a strong advantage.
- Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
- Communicate clearly and appropriately
- Ability to work and interact effectively in a multi-cultural team.
- Spoken and written technical English is mandatory.
- Innovative – Suggest new technologies and/or methods to improve our service and daily jobs
- Work management – Plan and manage your work efficiently
- Teamwork – A good team works as one – locally, globally
- Positive attitude – Positive attitude produces positive results; enjoy what you do
- Customer focus – Our customers are the reason for our existence
- HomeSend’s goals drive your behavior – Deliver outcomes based on HomeSend’s goals.