IT Governance, Risk, and Compliance Manager

emerchantpay
Payment Services
Fully distributed and remote. Full-Time. Manager
Salary not disclosed

Job Details

Languages
English
Experience
At least 10 years in information / cyber security, including a minimum of 2-3 years in a leadership role.
Required Skills
AWS, CI/CD, DevOps, Compliance, Risk Management

Requirements

  • Bachelor’s or master’s degree in computer science, information security, or related field, or equivalent experience.
  • At least 10 years in information/cyber security, including 2-3 years in a leadership role.
  • Hands-on experience securing cloud-native environments at scale.
  • Deep, practical public-cloud security knowledge (AWS strongly preferred).
  • Strong experience securing DevOps/CI/CD pipelines and modern microservices architectures (containers, APIs, infrastructure-as-code).
  • Solid understanding of security frameworks and compliance standards: ISO 27001, PCI DSS, SOC 2, and NIST CSF.
  • Working AI security literacy, including practical understanding of securing AI/LLM applications and familiarity with OWASP Top 10 for LLMs.
  • Hands-on experience with security operations, incident response, and vulnerability management.
  • Excellent verbal and written communication skills with fluency in English.

Responsibilities

  • Define and maintain the information security strategy, standards, and roadmap aligned to regulations and best practices.
  • Steer security architecture across a cloud-native environment, defining secure-by-design patterns for microservices, APIs, and shared services.
  • Establish and govern secure SDLC practices, embedding automated security controls into CI/CD pipelines.
  • Build and run security monitoring, logging, and threat detection across cloud, infrastructure, and application layers.
  • Lead the security incident response lifecycle and act as incident commander for security events.
  • Own vulnerability and threat management including scanning, prioritization, and remediation tracking.
  • Govern identity and access management, privileged access, and least-privilege principles across cloud and corporate systems.
  • Implement and evidence the technical security controls underpinning PCI DSS, ISO 27001, and SOC audits.