Job Vacancies at Multigate Payments Limited

Duties/Responsibilities

Information Security Program Management:

• Develop, implement, and maintain the organization's information security management system (ISMS) in line with ISO 27001 standards.
• Establish and oversee information security policies, procedures, and controls to protect organizational assets.

Business Continuity Management:

• Design, implement, and manage the organization’s Business Continuity Management System (BCMS) in accordance with ISO 22301.
• Conduct business impact analyses (BIA) and risk assessments to identify critical business functions and develop appropriate recovery strategies.

PCI DSS Compliance:

• Ensure compliance with PCI DSS requirements for handling payment card data securely.
• Oversee annual assessments, vulnerability scans, and remediation plans related to PCI DSS compliance.

SWIFT Security Compliance:

• Implement and manage compliance with the SWIFT Security Controls Framework (SCF) and the Payment Services Provider (PSP) guidelines.
• Ensure the organization meets all mandatory and advisory SWIFT security controls.
• Oversee SWIFT-related security assessments, attestations, and remediation plans to address identified vulnerabilities.

Application and Technology Product Security:

• Work with development teams to integrate security throughout the software development lifecycle (SDLC).
• Conduct regular security reviews, penetration testing, and vulnerability assessments of applications and technology products.
• Ensure secure coding practices and compliance with relevant standards for application security( e.g., OWASP Top 10).

Cloud Security Management:

• Design and enforce cloud security best practices, with a focus on Microsoft Azure.
• Implement security measures to protect data and applications hosted in the cloud.
• Conduct regular assessments of cloud infrastructure to ensure compliance with organizational and regulatory standards.

Network Security and Integrations:

• Oversee and secure network integrations with third parties, ensuring data confidentiality, integrity, and availability.
• Implement robust network monitoring and access control measures to mitigate risks associated with third-party connections.

Endpoint Security:

• Develop and manage endpoint security strategies to protect devices against malware, unauthorized access, and data breaches.
• Monitor and enforce compliance with endpoint security policies across all devices.

Data Privacy and Regulatory Compliance:

• Ensure compliance with global data privacy regulations, including GDPR, NDPA, and other relevant standards.
• Implement data protection strategies to secure sensitive and personal information.
• Collaborate with legal and compliance teams to address regulatory requirements and audits.

Incident Response:

• Develop and manage incident response plans to address security breaches, cyber threats, and disruptions.
• Coordinate with internal and external stakeholders during incident response and recovery activities.

Audits and Certification:

• Plan and coordinate internal and external audits for ISO 27001, ISO 22301, PCI DSS, SWIFT PSP, and other relevant compliance frameworks.
• Address non-conformities and ensure successful completion of certification processes.

Training and Awareness:

• Conduct security awareness and business continuity training for employees.
• Promote a culture of security and resilience across the organization.

Collaboration and Reporting:

• Collaborate with all departments to align security initiatives with organizational goals.
• Provide regular reports on security and continuity status, compliance, and risks to senior management.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
• Minimum of 5 years of experience in information security management, including the implementation of
• ISO 27001, ISO 22301, PCI DSS, and SWIFT CSP.
• Proven expertise in cloud security, with a strong focus on Microsoft Azure.
• Hands-on experience with network security and third-party integrations.
• In-depth knowledge of endpoint security solutions and practices.
• Strong understanding of data privacy regulations, such as GDPR, NDPA.
• Professional certifications such as CISM, CISSP, Microsoft Certified: Azure Security Engineer Associate,
• AWS Certified Security Specialty, CRISC, or equivalent.
• Excellent communication, problem-solving, and project management skills.

Preferred Skills

• Experience with security tools such as SIEM, vulnerability scanners, and endpoint protection.
• Familiarity with SaaS environments and related security challenges.
• Knowledge of additional regulatory frameworks and compliance standards.

go to method of application »

• Multigate is seeking to hire a highly experienced Senior Information Security Officer (GRC) to lead and manage the organization's Information Security Governance, Risk, and Compliance (GRC) functions. The successful candidate will be responsible for maintaining compliance with international standards, including ISO/IEC 27001, ISO 22301, and ISO 20000, as well as ensuring adherence to the SWIFT Provider Security Program (SWIFT PSP) for service providers.
• This role is critical in embedding security governance into business processes, ensuring that our organization meets all regulatory, contractual, and internal security requirements.

Duties/Responsibilities

Governance & Compliance:

• Develop, implement, and maintain the organization's information security governance framework.
• Oversee and manage compliance with ISO 27001 (Information Security), ISO 22301 (Business Continuity), and ISO 20000 (IT Service Management) standards.
• Ensure policies, procedures, and controls are aligned with industry best practices and business objectives.
• Lead the implementation and ongoing compliance with the SWIFT Customer Security Programme (CSP) for service providers, ensuring annual assessments and attestation requirements are met.

Risk Management:

• Identify, assess, and manage information security risks across the organization.
• Develop and maintain the organization's risk register and conduct regular risk reviews.
• Perform third-party risk assessments and support vendor risk management processes.
• Provide risk treatment plans and work with stakeholders to track mitigation progress.

Audit & Assurance:

• Coordinate and support internal and external audits, including ISO certifications and SWIFT compliance audits.
• Conduct regular internal compliance reviews, gap assessments, and control effectiveness testing.
• Track audit findings, non-conformities, and improvement actions to closure.

Policy & Awareness:

• Develop and maintain security policies, standards, procedures, and guidelines.
• Deliver security awareness training and education programs to promote a strong security culture across the organisation.

Stakeholder Engagement:

• Collaborate with IT, Legal, Risk, Operations, and other departments to embed security and compliance into processes and projects.
• Provide expert advice on security and compliance implications for business initiatives and technology changes.
• Report on GRC metrics and present risk and compliance status to senior leadership and governance forums.

Requirements

• 5 years proven experience in a senior information security role with a strong GRC focus.
• In-depth knowledge of ISO/IEC 27001, ISO 22301, and ISO 20000 standards, including leading audits or implementations.
• Practical experience with SWIFT CSCF/PSP compliance, particularly for service providers.
• Strong understanding of security frameworks and standards such as NIST, CIS Controls, and GDPR.
• Excellent communication and stakeholder management skills.
• Experience conducting risk assessments and managing risk treatment plans.
• Familiarity with GRC tools and risk management platforms.

Preferred Skills

• Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CRISC, or similar.
• Experience in financial services or regulated industries.
• Knowledge of ITIL and service management processes.