
InfoSec Manager
Posted May 6

This is a fully remote position, open to applicants in the Philippines.
• Establish strategy, priorities, and our security operating model in alignment with business objectives – reporting to the VP of Engineering and receiving guidance from our exceptional CISO Board advisor.
• Build foundational elements to address key risks, ensuring that the standards you set are consistently maintained throughout the broader technology organization.
• Take ownership of the ISO 27001 certification process from scoping to successful audit completion.
• Execute external penetration testing and remediation, ensuring all findings are addressed or formally risk-accepted.
• Oversee MSSP/SOC operations, generating alerts for actionable insights, with service level agreements evaluated monthly.
• Align engineering development practices with security measures, integrating secure-by-design principles.
• Ensure compliance with regulations by designing, implementing, and maintaining security policies, standards, and procedures.
• Define, assess, and enhance the principle of least privilege across users and devices.
• Foster a robust culture and training program that includes phishing simulations and secure coding standards.
• Assess and implement security tools and technologies, focusing on optimizing a streamlined and scalable security stack.
• You have hands-on experience building a security function from the ground up at a regulated fintech, payments business, or bank. Be prepared to discuss the state of the organization when you started and the improvements made during your tenure.
• You have managed a Sev-1 incident from start to finish. Share an example with us.
• You have successfully led an organization through ISO 27001 as the accountable owner, rather than as a consultant on the periphery.
• You have established an MSSP — selecting the vendor, defining use cases, fine-tuning alerts, and terminating any underperforming vendors.
• You have crafted IAM policies that have been effectively implemented by real engineers, specifically within an Azure-native environment (which is our technology stack).
• You are technically adept enough to read Terraform, create a pull request, and troubleshoot events. If you haven't written code in the last 5+ years, this position may not be suitable for you.
• Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are advantageous. They serve as tiebreakers, but are not prerequisites.
• No fixed budget for this role; we hire globally and tailor offers based on experience and market rates.
• Equity ownership in a rapidly growing, profitable NeoBank with a market potential 50-100 times larger than its current size.
• Flexible working hours and location options. This role can be performed remotely, with the choice to work from one of our offices in London, Manila, Singapore, Hong Kong, or Belgrade.
• Additional perks include MacBooks, private health insurance, training budgets, and more!
• Opportunities for periodic travel to our headquarters in Southeast Asia.