IT Governance, Risk, and Compliance Manager
emerchantpay, Payment Services
Fully distributed and remote. Full-Time. Manager.
Salary not disclosed
Job Details
- Languages
- English
- Experience
- At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role.
- Required Skills
- AWS, CI/CD, DevOps, Compliance, Risk Management
Requirements
- Bachelor’s or master’s degree in computer science, information security, or related field, or equivalent experience.
- At least 10 years in information/cyber security, including 2-3 years in a leadership role.
- Hands-on experience securing cloud-native environments at scale.
- Deep, practical public-cloud security knowledge (AWS strongly preferred).
- Strong experience securing DevOps/CI/CD pipelines and modern microservices architectures (containers, APIs, infrastructure-as-code).
- Solid understanding of security frameworks and compliance standards: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
- Working AI security literacy, including practical understanding of securing AI/LLM applications and familiarity with OWASP Top 10 for LLMs.
- Hands-on experience with security operations, incident response, and vulnerability management.
- Excellent verbal and written communication skills with fluency in English.
Responsibilities
- Define and maintain the information security strategy, standards, and roadmap aligned to regulations and best practices.
- Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared services.
- Establish and govern secure SDLC practices, embedding automated security controls into CI/CD pipelines.
- Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
- Lead the security incident response lifecycle and act as incident commander for security events.
- Own vulnerability and threat management including scanning, prioritization, and remediation tracking.
- Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
- Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.