Our Company
NymCards mission is to enable fintech and financial innovators to launch frictionless payment programmes with our modern infrastructure, at record speed. Our open API modern card issuing platform provides flexibility and control to issue cards, authorise transactions and manage payment operations with just one integration and one partner.
We are a team of industry experts and technology innovators who take a dynamic approach to solving complex industry challenges. NymCard has an open and collaborative work environment and together we make up the NymCardian Nation. We power possibilities for our customers AND each other by bringing the best talent together to do the best quality work we can.
By staying true to our core values: Respect, Transparency, Collaboration, Quality, Speed, Courage, NymCards strives to build a global team as diverse as the markets we serve. It is a very exciting time to join NymCard and as our Business grows, you and your opportunities will grow with it. To Learn more about NymCard visit our Website and LinkedIn.
The Role
This is a crucial role in safeguarding the organization's information assets by maintaining the confidentiality, integrity, and availability of critical data. They are responsible for implementing and managing robust security measures, conducting comprehensive security assessments, mitigating vulnerabilities, and promptly responding to security incidents. The Information Security Architect collaborates closely with cross-functional teams to identify potential threats, deploy effective controls, and provide technical expertise to fortify the organization's systems, networks, and data against cyber threats and malicious activities.
Responsibilities
- Work closely on analysing and identifying various information security related risks and vulnerabilities.
- Propose, design and implement relevant security changes, where feasible.
- Analyse regulatory security requirements across GCC where required.
- Play a core role in the design and acceptance of new infrastructure and platform initiatives from security perspective.
- Perform regular internal and external vulnerability scans as per the corporate policies and procedures, and advise DevOps Team about priorities,
- Organise regular internal and external penetration tests as per the corporate policies and procedures.
- Support Technology teams in various internal and external security audits with focus on automated / regular infrastructure audits (IAC security) Cloud services / Terraform / k8s etc.
- Lead, in close collaboration with other Technology team, the remediation of audits, scans and pen-tests findings.
- Coordinate the installation, configuration, and maintenance of mission-critical security applications such as AV, SIEM, DLP, FIM with DevOps and others related.
- Champion information security topics and concepts amongst the Technology team while acting as an ambassador for the InfoSec team.
- Help with source code security reviews for various development languages.
Skills & Qualifications
- Excellent communication skills, both written and orally
- Strong interpersonal, organisational skills and a team player
- You have a positive can-do attitude and a flexible approach
- Excellent analytical skills and detail oriented
- You have the ability to learn new technology/systems/applications quickly
- Capability to think on your feet, solve problems and also predict and resolve future issues
- Strong stakeholder management skills and an ability to partner effectively with all
Knowledge & Experience
- Degree in Engineering or Information Technology related field
- Minimum of 3 years work experience in Information Security engineering
- Excellent understanding of various information security frameworks and practices. Working experience with PCI-DSS compliance is a great plus
- Advanced working experience with infrastructure security tools including but not limited to WAFs, IP/IDS, NextGen Firewall,
- Advanced working experience with system-live security tools including but not limited to Antivirus, File Integrity Monitoring, Log Management (SIEM) - Wazuh/OSSEC, Identity Access Management
- Good knowledge in Kubernetes, Docker Swarm or other cluster management software
