We’re Littlepay - a fast growing fintech based in Melbourne, and the world's only payment processor specialising in transit ticketing. We've developed a PCI compliant, cloud-native, payments platform that enables customers to pay for public transport using any payment card, mobile wallet, or wearable device. Littlepay is now integrated with several global banks, and processing transactions for some of Europe’s major transport operators. We’re expanding into several new countries in 2020 and this role is critical to securely managing the growth of our platform.
Littlepay is trusted by enterprises, financial institutions and governments to securely process large volumes of payment data and transactions. The ISM’s role is to continuously improve our information security practices to build on the confidence and trust we have established.
You will report directly to the CEO, collaborate closely with the Engineering team, and be responsible for the information security framework and roadmap, prioritising the initiatives to be implemented.
The role would be ideally suited to an infosec consultant looking for a role with real ownership and responsibility.
- Lead the information and cyber security efforts from a governance, risk and compliance perspective.
- Drive the awareness and adoption of the desired cyber security culture and behaviours through a growing organisation
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) as our platform undergoes development and integrates with third parties (banks, transit systems).
- Collaborate with our Security Engineer to perform security analysis of the AWS cloud architecture and other assets.
- Facilitate internal and external security audits to ensure mandatory certifications are maintained (PCI-DSS) and achieved (ISO 27001).
- Provide input into proposals and RFP responses to address information security requirements
- Engage with our customers and provide responses to their security queries.
- Perform internal cyber security assurance activities
- Assess the effectiveness of security controls
- Oversee security and compliance remediation work.
- Ensure that information and cyber security standards, policies, and procedures reflect best practices and are relevant, accessible, understood and followed
- Plan and deliver security training for all staff.
- Provide coaching and mentoring in all aspects of security
You must have
- Experience working within a PCI-DSS or ISO 27000 compliance based organisations.
- Experience in Governance, Risk and Compliance tools
- Understanding of Cyber Security risk management
- Experience in conducting security compliance and assurance activities in a cloud based (AWS) architecture.
- Understanding of cyber security industry best practices such as ISO 27001, PCI-DSS, NIST CSF
- One or more of CISSP, CISM, CCSP.
- Demonstrated ability to apply security frameworks, policies and standards.
- Exposure to eCommerce security, focused on integrity and nonrepudiation
We would look favourably on candidates with experience in:
- Cyber and Information Security Consulting
- System Architecture
- Payment processing
- Engineering practices such as, but not limited to:
- Penetration Testing
- Attack Surface Analysis
- Security tools (pentest tools, scanners, antivirus etc).
- Mobile application development security best practices
- Open Web Application Security Project
- Disaster recovery, technologies and methods.
In return, you’ll get
The opportunity to learn about the payment processing ecosystem from end-to-end. You'll be working with the latest cloud technology and bank-grade data security, and involved in the provision of critical payment services that impact millions of daily commuters. All within the tight-knit environment of an agile scaling startup .
We offer a competitive salary, flexible work conditions, ample opportunity for professional development, and a great CBD location close to Southern Cross station.
We will provide relocation support for the right candidate (in Australia).
Apply by email: email@example.com