Security Analyst & Coordinator
All About Us
HomeSend is a leading player in the revolution to transform the way funds flow cross-border. It is designed to work with banks, mobile money operators, money transfer organizations and more helping them modernize the way they make and receive cross-border payments so they can provide a better service to their end-users.
Our backbone is our comprehensive global network which enables ‘paying’ Financial Institutions (banks, mobile money operators, money transfer organizations and more) to transfer funds to ‘receiving’ Financial Institutions in a way that is safe, swift, and cost-effective.
HomeSend is a joint venture of Mastercard (majority shareholder) and eServGlobal that specializes in cross-border payments.
HomeSend is a registered Payment Institution and has achieved certification for the Data Security Standard of the Payment Systems Industry (PCI-DSS). Information Security is a key foundational element in the mission of HomeSend to be a strong reputable provider of money transfer services. To maintain the highest level of security integrity HomeSend seeks an experienced individual who wants to become part of a growing company in this challenging and rewarding industry.
The Security Analyst & Coordinator (SAC) will work closely with the HomeSend management, Information Technology and Operations teams in coordinating all tasks required for maintaining PCI-DSS certification and ensure the highest level of physical and information security is implemented and maintained.
The position requires someone who can work autonomously but also work in a team to convince others. The person should be structured in their approach, have a very good technical background and experience in I.T. and has had a first experience in the security domain. The person should be engaging and collaborative, with an ability to work with colleagues in a hands-on manner, to evaluate and implement the best balance between security strategies and other priorities. Nevertheless he/she must ensure the requirements from governance or PCI-DSS are strictly enforced. He/she will be the go to person for all security related initiatives and be responsible for their success.
- Evaluate the needs and coordinate the ongoing evolution of the security framework for HomeSend that encompasses all components required to run the HomeSend business both physical and non-physical in order to remove or minimize the eventual impact from potential threats both internal and external.
- Risk assessment, mitigation and avoidance: Through a regular inventory of information assets, intellectual property and other digital infrastructure, and by understanding the threats they face, in collaboration with the Chief Operations Officer (COO), the Chief Architect and the Systems Security Engineer (SSE), propose amendments to protect those things from damage, loss or harm. This information would also be used to maintain the security policies, which include the levels of protection and responses required for HomeSend infrastructure and data.
- Make Proposals for the implementation and execution of automated and continuous monitoring to detect, contain and mitigate vulnerabilities and incidents that may impair information security and information systems.
- In collaboration with the Risk & Compliance Officer, IT and Operations management coordinate and contribute to the internal changes required to HomeSend’s policies, information assets and digital architecture in order to remain compliant with applicable laws and regulations.
- Together with IT & Operations Management ensure PCI-DSS certification is maintained. Coordinate the activities that ensure all steps are being taken to provide continued compliance with the PCI-DSS standard.
- Together with the COO implement and maintain an Incident Response Plan.
- Enterprise and security architecture: In collaboration with the Chief Architect, the SAC should validate that the necessary levels of protection are included in all changes to the information technology framework. This will include making risk assessments and validating against regulatory constraints.
- Regularly train and oversee that personnel is aware of HomeSend’s Information Security policies and that line managers enforce compliance of such by their team members. Contribute to/lead the security policy, business continuity post comprise, security awareness program
- In collaboration with the SSE validate changes to the HomeSend platforms.
- the acceptable uses of the technology, the usage of a critical technology,
- the acceptable network locations for the technologies
- the network connections and security device changes
- Change Management (CM) review, approval and verification once implemented
- Accountable for all suspicious events, security incidents and the security vulnerability
- Maintain the list of company-approved product and of service providers
- Review and follow-up of the Security Operations Center (SOC) activities including the monitoring and the analysis of the alerts
- 24/7 duties management for escalation
Main Working Partners
The SAC will work closely with the COO and IT Development Manager to maintain the security policies framework and ensure ongoing compliance with PCI-DSS. The role will interact on a daily basis with the SSE for validating ongoing changes to the environments and reviewing technical security reports. Occasional contact with the Chief Architect can be expected for reviewing technical solutions. A regular interaction with HomeSend’s Risk & Compliance Officer is expected to align policies and monitor compliance with external governance bodies. As a trainer, the SAC will come into contact with all staff members.
Preferred Qualifications and Experience
- Relevant degree, certification and/or equivalent experience
- Demonstrated knowledge of IT Security controls and practices.
- Demonstrated knowledge of secure hardware, software and network design techniques.
- Broad knowledge of IT. Experience with any of Linux (Red Hat), VMWare, VPNs (IPSec, OpenVPN…), IPv4 routing and configuration, Security tools (IPS, IDS…), Scan Analysis (ASV, IPT, EPT, Nessus) is an advantage.
- Good knowledge of IT security systems and tools including firewalls, intrusion prevention systems, SIEM, and vulnerability management platforms. – Demonstrated skills directing and applying security controls to Computer software and hardware utilizing the NIST Cybersecurity framework or ISO 27001.
- Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.
- Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies to endpoints, databases, transport protocols, etc.
- Experience in incident response and digital forensics is a key advantage
- Demonstrated strategy for analyzing and preventing security incidents of high complexity.
- In-depth knowledge of computer hardware, software and network security issues and approaches.
- Advanced knowledge of IT security and in particular the requirements of PCI-DSS v3.2.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) or willing to certify.
- Strong oral and written communications skills are a distinct advantage
- Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
- Ability to work and interact effectively in a multi-cultural team.
- Spoken and written technical English is mandatory.
The position is based in Brussels, Belgium. Some occasional travel may be required to our office near Grenoble, France or other locations based upon needs.
Alternatively, please send your CV and cover letter to the following email address firstname.lastname@example.org to apply.