Thunes' mission is to help businesses and their customers around the world participate in the global economy by providing them fast and affordable cross-border payments. We interconnect banks, payment service providers, mobile wallet operators, money transfer operators and platforms to unlock opportunities for businesses and individuals alike.
By providing unparalleled emerging market coverage and smarter transfer solutions for cross border payments, we enable financial inclusivity for those who need it the most.
Our Solutions
We act as a trusted, neutral aggregator in a deeply fragmented industry. We offer end-to-end payments solutions to tackle the speed, cost-efficiency and accessibility challenges for emerging markets:
Business payments
Remittance processing
Mass payouts
Virtual accounts / invoice payments
Context of the role
Thunes is seeking a talented individual to own and manage information security within our payments platform.
We operate a platform which allows our many partners either to remit, or to receive across borders via integrations with our API, with a focus on remittances to developing economies. Our platform is highly available, with a commitment to high availability and optimum security, both from external threats and to ensure absolute integrity within our systems and procedures.
The Head of Information Security, reporting directly to the CTO, will be responsible for ensuring that our security policies are established as best-in-class for the industry, and ensuring compliance with those policies from all internal and external partners. Responsibilities would include defining not just the security requirements but also engagements with 3rd-party vendors and others to perform vulnerability assessments, and compliance with both regulated and industry-standard security practices, and to modify the policies accordingly.
We are looking for a highly driven, self-motivated, technically hands-on individual who is truly excited about creating meaningful impact. In this role you will combine a startup mindset with the scale of an industry leader, providing you with hands-on exposure to how key organization decisions are made and the challenges of operating and securing critical cloud infrastructure and services. A career with Thunes is an opportunity to join a fast-growing, dynamic payments leader at an early stage and to have maximum impact, with a diverse group of talented, multi-national entrepreneurial thinkers.
Responsibilities
Drive the overall security policy of both the platform and information handling within the organisation
Serve as a focal point of contact for the information Security matters within the organisation and with customers
Keep the overall platform, systems, data and information secure in applying best practices and techniques when it comes to security
Design, roll-out and lead our Infosec Vendor Risk Assessment Program, providing a first level of due diligence in a smart and pragmatic way with our partners to safeguard the sensitive data that we may be sharing to enable our services (external facing)
Define and configure default security capabilities and best practices
Identify security risks early on and ensure they are addressed before they become actual problems
Manage security policies, identify and respond to any intrusion with anti-malware protection, intrusion detection, and intrusion prevention systems
Manage controlled and time-limited access to production systems
Enforce corporate and security infrastructure policies across the teams
Configure logging and monitoring based on best practices to ensure security and system health
Setup, monitor, correlate and investigate security alerts to detect and resolve incidents
Work closely with the rest of the Engineering team to assess security aspects of the platform and systems prior to production
Keep up to date with trends and innovation in security and best practices
Define relevant KPI and metrics to assess and track the security events on the platform and provide reporting
Provide security awareness training to all information system users
Close collaboration with Engineering, Infrastructure, Data teams and others to develop and implement a rigorous security framework
What we are looking for
Degree in Computer Science or equivalent
5+ years of experience in a similar role
5+ years of experience supporting and securing large scale and critical systems and APIs in production
Industry level certifications such as CISSP
Deep understanding and experience with Firewalls, IDS, IPS, SIEM, cloud and on-premise security layers
Strong knowledge of risk assessment tools, technologies and methods
Experience and strong understanding of PCI-DSS, ISO27001, GDPR, CCPA, etc frameworks and standards
Experience designing and auditing secure networks, systems and application architectures
Experience planning, researching and developing security policies, standards and procedures
Hands-on understanding and experience of Linux administration, command line interface, shell scripting
Strong understanding of Internet protocols such as DNS, HTTP, SSL, SMTP, TCP, and UDP
Experience supporting the following technology stack and services (Amazon AWS, Terraform, Ansible, Docker, HAProxy, Nginx, ELB/ALB, ELK, Prometheus, Grafana, ECS/EKS/Kubernetes, Fluentd, Elasticsearch) is a plus
Programming experience in one or several of the following languages (Golang, JavaScript, Perl, Python) is a distinct advantage
A strong multi-tasker with a keen eye for detail, ability to think one step ahead
Strong analytical, problem-solving skills and willingness to investigate complex problems
Strong strategic thinking skills to handle both the big picture and crucial decisions
Ability to thrive on a high level of autonomy and responsibility
Ability to work very well cross-functionally, to think rigorously and make hard decisions and tradeoffs when required
Sustain learning and knowledge sharing culture in the organization and aim at achieving a high level of technical excellence and stability
Excellent written and verbal communication skills in English
Sound like you? Apply now!